On 09/02/2022 22.41, Wes Hardaker wrote:
So I've re-arranged things a bit to hopefully address the flow better.
Let em know if you think further improvements are warranted.
I'd still probably suggest at least a minimalist change like:
-Note that a validating resolver MUST still validate the signature
+Note that a validating resolver returning an insecure response MUST
still validate the signature
But to me it's certainly not a big deal. (Though not changing this
would mean that formally I wouldn't be exactly following the RFC.)
--Vladimir
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
