On Aug 26, 2008, at 1:35 PM, Matt Larson wrote: > On Tue, 26 Aug 2008, David Conrad wrote: >> On Aug 26, 2008, at 12:08 PM, Matt Larson wrote: >>> Note that the root-servers.net zone as configured on >>> root.verisignlabs.com is not signed, since the root-servers.net zone >>> would not be signed, nor would it need to be, if the root were >>> signed. >> Sorry. Perhaps I need more caffeine. Why not? > Validation will work without it. A validator will either be able to > form a chain of trust to a signed zone or it won't, and validate the > answer to its original query or not. A signed root-servers.net zone > is not a zone in that chain of trust.
Ah. I thought you were talking the more general case. Told you I needed more caffeine. Regards, -drc _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
