On 8 Apr 2014, at 11:01, Edward Lewis <[email protected]> wrote:
> But isn’t that example (below) a new API? ;) I wasn't reacting to the newness of the API, but rather the dual approaches of (a) provide a new DNS API for applications, or (b) leave applications using the existing/archaic API for name resolution, and introduce an additional API that characterises the security characteristics of their use. Amongst the problems with (b) is the lack of fine-grained (e.g. DNSSEC-specific) message passing to the application, so that it can react to the various failure modes in a manner that allows users to be informed and the application generally to make good choices. Joe _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
