On Tue, 12 Nov 2013, Tony Finch wrote:
Tim Wicinski <tim.wicin...@teamaol.com> wrote:
http://www.ietf.org/proceedings/88/minutes/minutes-88-dnsop
Re. edns-tcp-chain-query and edns-tcp-keepalive, the minutes say "DNSSEC
requires many round-trips to get all the data needed to validation."
This is probably a correct report of what was said but the statement is
wrong. In most situations you can get everything needed to validate in one
round trip; the problem is that current implementations do not do this.
Really? If I want to validate www.nohats.ca, and I don't have more than
the DS/DNSKEY of ca, how can I do this in one round trip without these
drafts? You mean just adding items in the additional section?
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
