On 03/23/2016 09:03 PM, Andrew Sullivan wrote: > I don't understand how it's a way to evaluate this claim. DNSSEC > includes a bit (DO) that says you're prepared to handle the additional > data in the answer section. Indeed, the unpreparedness of people for > this data was just exactly the reason for the DO bit. What isn't > clear to me is whether people implemented that as, "Take whatever > comes in the answer even if you didn't ask for it," or whether they're > looking for DNSSEC data. The latter is what DO says one is prepared > to do.
DO was used initially for SIG and kept for RRSIG. For an early DNSSEC implementation, RRSIG was just another unsolicited RR type because it could only know about SIG. This suggests (to me at least) that practically speaking, DO isn't strongly tied to DNSSEC. Florian _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
