On Wed, Oct 03, 2012 at 09:51:20AM -0400, Paul Wouters wrote: > > If the application gets a TLSA record, it must have passed DNSSEC > validation
I see. So your model is that the application asks for a TLSA record, and if it gets one then it can infer that the record also passed validation? Hrm. That's an interesting answer, and it hadn't occurred to me before that the application could rely on such an inference. How can the application be sure the resolver is DNSSEC-aware? Best, A -- Andrew Sullivan [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
