In article <9952199f-9ea5-2d51-a5d2-6aaf80577...@nthpermutation.com> you write:
>If a computer can't figure out what to do with a failed validation
>absent human interaction then you might as well say:
>
>"ZONEMD RRs may be safely ignored by all but the geekiest of DNS human
>operators as there is no guidance on what to do if you see a zone that
>appears to be incomplete due to ZONEMD RR validation as it might not
>actually be incomplete"

Well, OK, here's a concrete example. I download the COM zone every day from Verisign, and also a separate file with an MD5 hash of the main file. Using RFC 2119 language, what do I do if the hash I get doesn't match their hash?

For background, there are about 1600 people with passwords to download the .com file, with a few dozen new passwords issued each month. I can tell you what I do with the zone file, but I have no idea what the other 1599 do. The downloads are by plain old FTP, since this was set up a long time ago.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop