My Favourites
opensubscriber
   Find in this group all groups
Home     Log In     Sign Up     FAQ    
 
Unknown more information…
d : dnsop@ietf.org 2 May 2012 • 1:06AM -0400

Re: [DNSOP] NTA... the new NAT?
by paul vixie

REPLY TO AUTHOR
 
REPLY TO GROUP



On 5/1/2012 4:34 PM, Chris Thompson wrote:
> What would be needed would be a method of finding out about *all*
> DNSSEC trust anchors being used, both positive and negative.

+1.

>
> And what about DLV? (sorry, Jim)
>

dlv is probably wrong for this, for two reasons.

first, it only engages when normal validation fails. i think there are
nta use cases where validation succeeds.

second, dlv is only implementable in a recursive server. we need to take
seriously stub validation and dnssec-enabled apps (like dane).

--
"But I'm not done complaining." --Dagon, 2012

_______________________________________________
DNSOP mailing list
DNSOP@ietf...
https://www.ietf.org/mailman/listinfo/dnsop
Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.
© opensubscriber 2010
All rights reserved.

Alternate link - Alternate link