> On Apr 27, 2017, at 08:11, Florian Weimer via Unbound-users > <[email protected]> wrote: > > Does Unbound use otherwise non-trustworthy data simply because it has > valid DNSSEC signatures? >
How can data be signed and validated and also "non-trustworthy" ? I see how data can be unwanted or superfluous, but if it validates then the daemon could obtain the same data using direct queries. So I am not sure what the actual problem is. "If crypto fails then evil could happen" isn't a very convincing augment against additional signed data and efforts to reduce latency in a proper implementation. Paul
