Hi, On Aug 20, 2014, at 6:21 PM, Andrew Sullivan <a...@anvilwalrusden.com> wrote:
> On Thu, Aug 21, 2014 at 10:52:46AM +1000, Mark Andrews wrote: >> It was also a required step as you can't reliably >> validate in the client unless the recursive server has filtered out >> the spoofed answers. > > If I understand you correctly, this devolves to the claim that the > validating client has to do its own recursion, lest it trut something > without basis. Is that what you're suggesting? I'm not opposed, but > let us be clear. I’m getting confused. What’s the difference between the “validating client” and a full validating resolver? Just the lack of cache? Tanks, -drc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
