[dns-operations] Validation direction (Was: Re: Org Dnskey TTL)
Ed.Lewis at neustar.biz
Tue Apr 20 14:47:03 UTC 2010
At 10:22 -0400 4/20/10, Andrew Sullivan wrote:
>On Tue, Apr 20, 2010 at 10:14:53AM -0400, Joe Abley wrote:
>> It had not actually occurred to me that anybody would think
>>bottom-up was a good idea.
>Me either. That doesn't mean someone won't do it as their standard
>practice! I know that libsresolv does bottom-up. It's the only one
>so listed on http://www.dnssec.net/software.
My, my, how far the flock as strayed!
If all the validators are resolving downward, then now I understand
all the bugs we've seen in the past few rounds of DNSSEC code drops.
This explains a lot of the issues we've seen lately. Unknown
algorithm bugs, conflicts between trust anchors and live keys, to
NeuStar You can leave a voice message at +1-571-434-5468
Wouldn't it be nice if all of the definitions of equivalence were the same?
More information about the dns-operations