In message <[EMAIL PROTECTED]>, Mark Andrews writes:
>
> In message <[EMAIL PROTECTED]>, Pekka Savola write
> s:
> > On Fri, 14 Nov 2008, Mark Andrews wrote:
> > >> How does an application do "accept if signed and validated by DNSSEC"?
> > >
> > > You validate the CERT RRset using the techniques in RFC
> > > 4033, 4034 and 4035. If the answer is "secure" then it was
> > > signed and validated. You the match offered cert to the CERT
> > > RRs using the information from RFC 4398.
> > >
> > > Do you need more detail or is that enough guidance?
> >
> > I was interested in more detail, specifically, are there application
> > interfaces an application could use, or every app need to implement
> > validation using 4033-5 techniques (a lot of work, and most would
> > probably do it wrong)?
>
> There are a number of libraries available which can do
> dnssec validation.
And if you want to off load the validation you can used
AD + TSIG.
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
> _______________________________________________
> Ietf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ietf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
