Greetings again. Paul Wouters noticed an inconsistency in the terminology
draft, and upon investigation, I believe it is a problem (hopefully fixable)
with the definitions in RFC 4033. RFC 4033 and 4035 use the term "validating
resolver" in a few places. However, RFC 4033 never defines that. RFC 4033
*does* define "security-aware resolver":

   Security-Aware Resolver: An entity acting in the role of a resolver
      (defined in section 2.4 of [RFC1034]) that understands the DNS
      security extensions defined in this document set.  In particular,
      a security-aware resolver is an entity that sends DNS queries,
      receives DNS responses, supports the EDNS0 ([RFC2671]) message
      size extension and the DO bit ([RFC3225]), and is capable of using
      the RR types and message header bits defined in this document set
      to provide DNSSEC services.

My personal interpretation is that "validating resolver" is a synonym for
"security-aware resolver". Do others agree? If not, how would you differentiate
them?
--Paul Hoffman