[dns-operations] Double-signature validation "And" or "OR" ?
Davey Song(宋林健)
ljsong at biigroup.cn
Thu Jun 1 02:39:14 UTC 2017
Hi folks,
I encountered a question about how a DNSSEC validating resolver works if it
receives a double signature. Does it require the resolver to validate both
signatures, or only one signature if that one is validated?
I guess the relation of the two signatures is logical “Or” for a unique
algorithm, and logical “And” for multiple algorithms, because I read that some
resolvers check that a valid chain of trust exists for different algorithms
separately (like Unbound). Is it true?
Best regards,
Davey