I posted a –01 a short time ago (http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01) and listed this in open items for the next version. I may have some questions on the best way to include that.
Jason On 3/27/12 2:04 PM, "Antoin Verschuren" <[email protected]<mailto:[email protected]>> wrote: Op 27 mrt. 2012, om 12:04 heeft Tony Finch het volgende geschreven: Do you mean insecure (no DS) or bogus (broken RRSIGs)? Both, and also DS at parent but no RRSIGs or no DNSKEY in child. Actually it does not matter how they are broken, but that the brokenness is not meant to be fixed by a negative trust anchor. -- Antoin Verschuren Technical Policy Advisor SIDN Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970 mailto:[email protected] xmpp:[email protected] http://www.sidn.nl/ _______________________________________________ DNSOP mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
