On Wed, May 20, 2020 at 05:41:46PM -0400, Wietse Venema wrote:
> Rich Felker:
> [dnssec end-to-end probe, log a warning if for any reason results
> do not have the authentic data' bit set]'.
> > This sounds like a great plan that will also mitigate the problem of
> > glibc's AD-stripping by
Rich Felker:
[dnssec end-to-end probe, log a warning if for any reason results
do not have the authentic data' bit set]'.
> This sounds like a great plan that will also mitigate the problem of
> glibc's AD-stripping by default. FYI I've raised concerns about that
> again on libc-alpha:
>
>
On Wed, May 20, 2020 at 01:59:47PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
> > On Tue, May 19, 2020 at 05:19:26PM -0400, Wietse Venema wrote:
> >
> > > > https://git.musl-libc.org/cgit/musl/commit/?id=fd7ec068efd590c0393a612599a4fab9bb0a8633
> > >
> > > I understand that the AD (authentic
Viktor Dukhovni:
> On Tue, May 19, 2020 at 05:19:26PM -0400, Wietse Venema wrote:
>
> > > https://git.musl-libc.org/cgit/musl/commit/?id=fd7ec068efd590c0393a612599a4fab9bb0a8633
> >
> > I understand that the AD (authentic data) bit now is 'true' if
> > DNSSEC validation was successful. Thanks