On 3 Apr 2018, at 1:34, Geoff Huston wrote:
I’ll remove the condition then.
Will you re-instate what Petr asked for, namely some wording that indicates that the resolver has to do DNSSEC validation on what it gets back from the authoritative server *regardless* of whether the originating client requests it? Without that, it is unclear what a resolver should do.
--Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
