Mark Andrews <[email protected]> wrote: > Tony Finch <[email protected]> wrote: > > Roy Arends <[email protected]> wrote: > > > > > If that succeeds, only then validation makes sense. > > > > Why? Why not validate the chain of referrals as you follow them? The > > protocol is designed to support that otherwise it would not include the DS > > in the referral. > > It's more because we havn't coded for it yet, especially the non > existence case, than anything else.
Yes, and that's perfectly fine :-) I'm just puzzled why Roy thinks it doesn't make sense to reduce validation latency. I'm also wondering what the advantages are to bottom-up validation. It gets really knotty when the leaf records have broken signatures - you have to keep walking up the tree to see if there's an insecure delegation to work out whether to return bogus or insecure. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
