[dns-operations] Validation direction (Was: Re: Org Dnskey TTL)

Andrew Sullivan ajs at shinkuro.com
Tue Apr 20 14:50:32 UTC 2010

On Tue, Apr 20, 2010 at 10:47:03AM -0400, Edward Lewis wrote:
> If all the validators are resolving downward, then now I understand all 
> the bugs we've seen in the past few rounds of DNSSEC code drops.

Well, _all_ of them aren't, of course, since we have an example of one
that doesn't.  But I take your point.

> This explains a lot of the issues we've seen lately.  Unknown algorithm 
> bugs, conflicts between trust anchors and live keys, to name two.

The latter I get, but could you explain more how the unknown algorithm
stuff is relevant?  (Also, does this belong over in
protocol-maintenance land?  I can't tell.)


Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.

More information about the dns-operations mailing list