On Jan 14, 2011, at 9:00 AM, James Carlson wrote: > Or should the resolver somehow "know" whether the DHCPv6 information is > "secure," for whatever "secure" means? And how would it know that the > information is as valid as the DNSSEC information?
This is, of course, the key problem. The resolver has no way, a priori, to know that the information from the DHCPv6 server is valid. It has to validate it somehow, or else the answer it is providing to the end-user is potentially harmful. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
