On 2 Apr 2018, at 17:05, George Michaelson wrote:
RFC4035 section 3.2 looks like it has usable words surely?
Maybe I'm an idiot, but I see no definition of "validating resolver" there.
not from those words, but in my personal opinion, Any resolver which is able to understand and apply the semantic context of DNSSEC signatures over RR should be considered a validating resolver. However, a validating resolver may also be seen NOT to perform validation because it receives queries with the CD bit set. Therefore, you cannot say that all queries through a validating resolver necessarily demonstrate it is capable of validating. Its not entirely subject to external views of its behaviour without the full context of what was in the query received.
Errr, could you give that specific words that you would want to replace the current definition?
--Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
