How can the response be trusted, if the resolver did not perform 
validation?

"Hi, I'm the president of the United States. See, I've set the 'response
obtained through a secure channel' bit. Surely there is no need to 
validate my claim."

                --Dean

On Tue, 17 Feb 2004, Scott Rose wrote:

> First off, I think this draft is long overdue - thanks for publishing it.
> 
> I was thinking that there might be a need for passing on the settings of the
> AD/CD bits, or a bit to indicate that the response was obtained through a
> secure channel.  So three bits of the array in total:
> 
> x   AD bit set
> x+1 CD bit set
> x+2 response obtained through a secure channel
> 
> I don't know if every application may care about this, but I can imagine a
> response array with the secure channel bit set, the AD bit set, indicating
> it could be trusted, even if the resolver did not perform validation itself.
> 
> 
> Scott
> 
> .
> dnsop resources:_____________________________________________________
> web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
> mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
> 


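Added example, not part of either message or of the draft under discussion: a stub-side check in which the AD bit read from the response header only counts when the stub's own configuration says the path to the resolver is secured. The function names, the `channel_secured_locally` parameter and the sample headers are assumptions constructed for illustration.

```python
import struct

# Flag masks within the 16-bit flags word of the DNS header.
AD = 0x0020  # Authenticated Data
CD = 0x0010  # Checking Disabled


def header_flags(msg: bytes) -> dict:
    """Return the AD and CD bits from the 12-byte DNS header of msg."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", msg[:4])
    return {"ad": bool(flags & AD), "cd": bool(flags & CD)}


def accept_as_validated(msg: bytes, channel_secured_locally: bool,
                        validated_locally: bool = False) -> bool:
    """Decide whether the stub may treat the answer as DNSSEC-validated.

    channel_secured_locally is taken from the stub's own configuration
    (hypothetical parameter), never from anything carried in the response:
    a bit inside the message is only as trustworthy as the path it
    travelled over.
    """
    if validated_locally:
        return True  # the stub checked the signatures itself
    return bool(header_flags(msg)["ad"] and channel_secured_locally)


# Constructed sample headers: id=0x1234, QDCOUNT=1, ANCOUNT=1.
HDR_AD_SET = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0)  # QR RD RA AD
HDR_AD_CLEAR = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR RD RA

if __name__ == "__main__":
    # The same bytes give different outcomes depending only on local knowledge.
    print(accept_as_validated(HDR_AD_SET, channel_secured_locally=False))
    print(accept_as_validated(HDR_AD_SET, channel_secured_locally=True))
    print(accept_as_validated(HDR_AD_CLEAR, channel_secured_locally=True))
```
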