On Sep 11, 2019, at 4:02 PM, Wes Hardaker <[email protected]> wrote:
>
> Tim Wicinski <[email protected]> writes:
>
>> it sounds to me that a discussion on assumptions with EDEs and RCODES
>> would be useful in the security considerations section as well.
>
> I'll look at wording along those lines.
>
> Note, however, that EDE codes are specifically meant as supplemental
> information and shouldn't be "acted" upon. Hence
>
> Paul> A developer writes code that assumes that EDE X must go with RCODE Y
> Paul> because the text for EDE X indicates that. They get a response with EDE
> Paul> X and RCODE Z. The code rejects that, and does not act on RCODE Z.
>
> "does not act on RCODE Z" is already the right approach, since it's
> unauthenticated in the first place (which is discussed in the
> document).

I do not understand this. Many receivers of RCODEs act on them even though they are unauthenticated. A recursive resolver receiving a message with RCODE of SERVFAIL will look at other authoritative servers, for example.

--Paul Hoffman
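
The handling discussed in this thread, as an added example that is not part of the original messages or of the draft: a Python sketch that parses the RCODE and any EDE options out of a response, lets the RCODE alone choose the action, and keeps EDE only as diagnostic data. The `next_action` policy, the helper names and the sample message are assumptions made for illustration; EDNS option code 15 is the value assigned to EDE in RFC 8914.

```python
import struct

OPT_TYPE, EDE_OPTION, SERVFAIL = 41, 15, 2  # OPT RR type, EDE option code, RCODE

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_rcode_and_ede(msg):
    """Return (rcode, [(info_code, extra_text), ...]) from a DNS response."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode, edes, off = flags & 0xF, [], 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != OPT_TYPE:
            continue
        rcode |= (ttl >> 24) << 4  # upper bits of the extended RCODE
        pos = 0
        while pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == EDE_OPTION and len(body) >= 2:
                info = struct.unpack("!H", body[:2])[0]
                edes.append((info, body[2:].decode("utf-8", "replace")))
    return rcode, edes

def next_action(msg):
    """Hypothetical policy: the RCODE alone picks the action; EDE is only logged."""
    rcode, edes = parse_rcode_and_ede(msg)
    action = "try_next_server" if rcode == SERVFAIL else "accept"
    return action, edes  # no EDE/RCODE pairing is ever rejected

def sample_response(rcode, info_code, text):
    """Constructed response for example.com/A carrying one EDE option."""
    ede = struct.pack("!HHH", EDE_OPTION, 2 + len(text), info_code) + text
    return (struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 0, 0, 1)
            + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
            + b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(ede)) + ede)
```

Calling `next_action` on two constructed responses that carry the same EDE info-code with different RCODEs gives different actions and the same diagnostic list.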
