Possibly because signature verification is thought to be expensive? On Thu, Dec 6, 2018 at 6:45 AM Mukund Sivaraman <[email protected]> wrote:
> Hi all > > Does anyone know why RFC 2136 sequences pre-requisite checks (section > 3.2) to be performed before client permission checks (section 3.3)? It > seems weird to sequence them in this way, especially as it is cheaper to > perform client IP address checks (and some zone permission checks) > earlier in order. > > Section 3.3.2 talks about why the client permissions check is in that > position previous to subsequent actions, but not why it can't be > performed earlier. > > Mukund > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
