"Ben Campbell" <[email protected]> writes:
[everything else addressed but I had a question about this last one:]
>>> -8: Seems like there could be more to say about the potential
>>> consequences about the “fail or proceed without security” decision
>>> in 6 and 6.1.
>>
>> I think the world is very much at a loss as to the best thing to do in
>> that case. And is likely very case specific. Military installations
>> tend to be a bit more strict about continuing through to an
>> unacceptable security certificate, eg. I'm not sure we can enumerate
>> every context, but rather say each local policy will need to do what
>> is appropriate for them.
>>
>
> I think it would be useful to say _that_. (as in "here's a security
> consideration people need to, well, consider")
How's this sound as a concluding sentence:
<section title="What To Do">
<t>If Host Validator detects that DNSSEC resolution is not
possible it SHOULD log the event and/or SHOULD warn user. In
the case there is no user no reporting can be performed thus
the device MAY have a policy of action, like continue or
fail.
new: Until middle boxes allow DNSSEC protected information to
traverse them consistently, software implementations may need
to offer this choice to let users pick the security level they
require.</t>
</section>
It's not an easy thing without introducing more "temporal" text into the
document.
--
Wes Hardaker
Parsons