On Wed, Jul 19, 2017 at 02:28:37PM +0200, Shumon Huque <[email protected]> wrote a message of 153 lines which said:
> > Suppose I send the list ECDSA;RSA, and I receive only ECDSA
> > signatures. How would the resolver/cache know if it was a complete
> > list?
>
> The response contains the EDNS0 option if the responder executed
> this protocol. In which case, the cache would tag this response as a
> subset.

Sorry, I still do not understand. The EDNS0 option does not indicate if the set is a subset or not. Or do you assume that, if the response indicates that the responder executes this protocol, an answer is always a subset (even if it's not)?

> When the resolver queries the DNSKEY RRset for the zone, it knows
> which algorithms are supported for the zone.

You can have keys which are not used for signing (such as in the root today).

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
