* Paul Wouters: > Sorry, I mistook the flags in the struct to be the DNS flags. Let me > rephrase it as "a DNS API call that returns the presence or lack of > AD bit"
I think this focus on the AD bit is a grave mistake. There are other technologies for securing DNS data. At least one of them (installing an authenticated copy of the zone in the resolver) is superior to DNSSEC according to various criteria, but full implementation requires that the resolver clears the AD bit. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
