[Dnssec-deployment] ANY (Re: CAT is signed )
fweimer at bfk.de
Thu Jul 1 04:34:33 EDT 2010
* Paul Vixie:
> clearly that'll have to be rethought if we go forward with kaminsky's idea
> of putting the whole rrsig/dnskey/ds chain into recursive responses to stub
> queries in order to facilitate stub/app validators. on the other hand it'd
> be a protocol change (new signalling bit) so there's no reason to worry
> about the installed base.
It should be possible to reuse the DO bit for that, just as it was
reused in DNSSECbis and DNSSECbis+NSEC3. This shows that the DO flag
isn't that much about DNSSEC resource records, really.
But that's probably off-topic for this list.
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the Dnssec-deployment