On 5/1/2012 4:34 PM, Chris Thompson wrote: > What would be needed would be a method of finding out about *all* > DNSSEC trust anchors being used, both positive and negative.
+1. > > And what about DLV? (sorry, Jim) > dlv is probably wrong for this, for two reasons. first, it only engages when normal validation fails. i think there are nta use cases where validation succeeds. second, dlv is only implementable in a recursive server. we need to take seriously stub validation and dnssec-enabled apps (like dane). -- "But I'm not done complaining." --Dagon, 2012 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
