Hi,
I believe there may of been some take away from Vancouver on direction.
I have a hand written note on this, but it was lost in the discussion on
Key Exchanges.
I will followup with you after tonight's meeting, and apologies for
dropping this.
tim
On 3/6/14, 5:57 PM, [email protected] wrote:
From: Tony Finch <[email protected]>
It is an interesting draft and I can see why the problem concerns you. The
dummy DS is a clever work-around, but it is a pity about the validation bug in
Google public DNS.
Thanks. I'm not sure that the validation error is a bug or not.
I wonder about the possibility of adjusting the rules for caching delegations.
Would it make sense to remember that a referral is insecure for the lifetime of
the NS RRset, instead of the lifetime of the negative DS answer?
This idea requires updating RFC 2308.
I'm afraid that when newly registered DS RR will be used if the
negative DS answer is cached.
--
Kazunori Fujiwara, JPRS <[email protected]>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
