>
> I was VERY surprised to see the opposite text sneak its way into
> a pull request, and equally surprised that a co-author of the draft
> approved the request and pushed the -09 version without raising this
> on the mailing list, particularly as it directly contradicts your
> message here.
>
> The current text in -09 reads:
>
> The DNS response is DNSSEC validated, regardless of whether
> DNSSSEC validation was requested, and result of validation is
> “Secure"
>
> I believe this text in the current draft is incorrect and leads to
> the wrong behaviour. The idea is for the resolver to act in a manner
> that is consistent with the way it would behave in a hypothetical key
> roll scenario - and if the query has the CD bit set the resolver would
> return the response without this special process.
>
My sincere apologies for the intemperate tone of this post, and to Paul and
Warren
here. I managed to choose a form of expression that conveyed a far more strident
and aggressive tone than I intended, and I sincerely did not intend to cause
offence here. In any case I do apologise for this, and I'll attempt to be far
more prudent in future with my postings to this list.
Geoff
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
