Mark Andrews <ma...@isc.org> wrote:
> Tony Finch <d...@dotat.at> wrote:
> > Roy Arends <r...@dnss.ec> wrote:
> > >
> > > If that succeeds, only then validation makes sense.
> >
> > Why? Why not validate the chain of referrals as you follow them? The
> > protocol is designed to support that otherwise it would not include the DS
> > in the referral.
>
> It's more because we haven't coded for it yet, especially the non
> existence case, than anything else.

Yes, and that's perfectly fine :-) I'm just puzzled why Roy thinks it
doesn't make sense to reduce validation latency.

I'm also wondering what the advantages are to bottom-up validation. It gets
really knotty when the leaf records have broken signatures - you have to
keep walking up the tree to see if there's an insecure delegation to work
out whether to return bogus or insecure.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
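
The two validation orders discussed in this message, as an added example that is not part of the original post or of any resolver's code. It is a toy model with no real cryptography: the `Zone` fields, function names and sample chains are all hypothetical, and a missing DS is assumed to be a proven absence.

```python
from dataclasses import dataclass

@dataclass
class Zone:
    name: str
    has_ds: bool    # parent publishes a DS for this zone (root: trust anchor)
    sigs_ok: bool   # RRSIGs served by this zone verify

def top_down(chain):
    """Validate each referral while descending; return (verdict, zones examined)."""
    for examined, zone in enumerate(chain, start=1):
        if not zone.has_ds:
            return "insecure", examined   # no DS: nothing below needs validating
        if not zone.sigs_ok:
            return "bogus", examined
    return "secure", len(chain)

def bottom_up(chain):
    """Start at the leaf and climb; the event nearest the root decides."""
    verdict = "secure"
    for zone in reversed(chain):
        if not zone.has_ds:
            verdict = "insecure"          # overrides a broken signature seen below
        elif not zone.sigs_ok:
            verdict = "bogus"
    return verdict, len(chain)            # cannot conclude before the trust anchor

# Constructed sample chains, root first.
BROKEN_LEAF_UNDER_INSECURE = [
    Zone(".", True, True),
    Zone("example.", True, True),
    Zone("sub.example.", False, True),        # insecure delegation
    Zone("leaf.sub.example.", False, False),  # leaf signatures do not verify
]
BROKEN_LEAF_SECURE_PATH = [
    Zone(".", True, True),
    Zone("example.", True, True),
    Zone("leaf.example.", True, False),
]

if __name__ == "__main__":
    for chain in (BROKEN_LEAF_UNDER_INSECURE, BROKEN_LEAF_SECURE_PATH):
        print(chain[-1].name, top_down(chain), bottom_up(chain))
```

Both orders reach the same verdict, but in the first chain the top-down walk stops at the insecure delegation without ever looking at the broken leaf signature, while the bottom-up walk sees the failure first and has to keep climbing to learn that it does not matter.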