On Wed, Sep 03, 2008 at 11:33:54AM +1000, Mark Andrews <[EMAIL PROTECTED]> wrote a message of 24 lines which said:
> A NXDOMAIN response if cyptographically proved with DNSSEC. There are two possibilities: 1) I understand nothing to DNSSEC (this is quite possible, giving my experience with it and the complexity of the protocol). 2) You are playing with words. "The domain example.org does not exist" can be cyptographically proved with DNSSEC, that's correct. But you need NSEC* records to do so, you cannot directly sign a NXDOMAIN response. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
