RFC4035 section 3.2 looks like it has usable words surely? not from those words, but in my personal opinion, Any resolver which is able to understand and apply the semantic context of DNSSEC signatures over RR should be considered a validating resolver. However, a validating resolver may also be seen NOT to perform validation because it receives queries with the CD bit set. Therefore, you cannot say that all queries through a validating resolver necessarily demonstrate it is capable of validating. Its not entirely subject to external views of its behaviour without the full context of what was in the query received.
-G On Mon, Apr 2, 2018 at 11:45 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > Some folks didn't feel all that great about this because it's not defined in > an RFC. Specific suggestions welcome. > > Validating resolver: > A security-aware recursive name server, security-aware resolver, or > security-aware stub resolver that is applying at least one of the > definitions of validation (above), as appropriate to the resolution > context. For the same reason that the generic term "resolver" is > sometimes ambiguous and needs to be evaluated in context, > "validating resolver" is a context-sensitive term. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
