Stephane, Stephane Bortzmeyer wrote: > On Thu, Apr 23, 2009 at 06:32:38PM +0800, > ???? <m...@cnnic.cn> wrote > a message of 85 lines which said: > >> while DNSSEC fails to give a means by which the DNS queries or >> responses transmitted between a host and a recursive server could be >> guaranteed integrity and authentication. > > Not really true. Many people think that the validating resolver should > be on the host itself. This would use DNSSEC to secure even the last > mile.
Presumably it would still forward queries to a nearby recursive resolver, so there would be some shared caching going on? Has anybody ever written this down anywhere? (Sorry if I missed it.) -- Shane _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
