[dns-operations] Re: Re: Double-signature validation "And" or "OR" ?
Mukund Sivaraman
muks at isc.org
Thu Jun 1 07:26:45 UTC 2017
Hi Davey
On Thu, Jun 01, 2017 at 02:40:03PM +0800, Davey Song(宋林健) wrote:
> OK. I understand. It sounds to me that the DNSSEC validation logic is dependent
> on implementation, but not required in the DNSSEC specification, right?

RFC 4035 section 5 covers validator behavior. E.g., in section 5.3.3.
Checking the Signature:

   If other RRSIG RRs also cover this RRset, the local resolver security
   policy determines whether the resolver also has to test these RRSIG
   RRs and how to resolve conflicts if these RRSIG RRs lead to differing
   results.

Mukund
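
The policy choice discussed in this message, as an added example that is not part of the original post or of any resolver's code: a double-signed RRset where one RRSIG has expired, evaluated under an "or" policy (one valid signature is enough) and an "and" policy (every covering RRSIG must validate). Assumptions: the names `Rrsig`, `check_one` and `validate_rrset`, the key tags and timestamps are constructed, the cryptographic check is a supplied boolean, and times are compared as plain integers rather than with serial number arithmetic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rrsig:
    key_tag: int
    algorithm: int
    inception: int    # seconds since epoch
    expiration: int   # seconds since epoch
    crypto_ok: bool   # constructed stand-in for the signature verification result


def check_one(sig, dnskeys, now):
    """Outcome for one RRSIG: 'valid', 'no-key', 'out-of-window' or 'bad-sig'."""
    if (sig.key_tag, sig.algorithm) not in dnskeys:
        return "no-key"
    if not (sig.inception <= now <= sig.expiration):
        return "out-of-window"
    return "valid" if sig.crypto_ok else "bad-sig"


def validate_rrset(sigs, dnskeys, now, policy):
    """Apply a local policy to all RRSIGs covering one RRset."""
    outcomes = [check_one(s, dnskeys, now) for s in sigs]
    good = [o == "valid" for o in outcomes]
    if policy == "or":
        secure = any(good)                  # one validating RRSIG suffices
    elif policy == "and":
        secure = bool(good) and all(good)   # differing results are treated as bogus
    else:
        raise ValueError(f"unknown policy: {policy}")
    return ("secure" if secure else "bogus"), outcomes


# Constructed sample: a zone signed with two keys, second signature expired.
NOW = 1_496_300_000
DNSKEYS = {(11111, 8), (22222, 13)}   # (key tag, algorithm) pairs of trusted DNSKEYs
SIGS = [
    Rrsig(11111, 8, NOW - 86400, NOW + 86400, True),
    Rrsig(22222, 13, NOW - 86400, NOW - 3600, True),   # expired an hour ago
]

if __name__ == "__main__":
    for policy in ("or", "and"):
        print(policy, validate_rrset(SIGS, DNSKEYS, NOW, policy))
```

The same answer set is secure under "or" and bogus under "and", which is the divergence between validators that the quoted RFC text leaves to local policy.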