> On Aug 26, 2008, at 1:35 PM, Matt Larson wrote:
> > On Tue, 26 Aug 2008, David Conrad wrote:
> >> On Aug 26, 2008, at 12:08 PM, Matt Larson wrote:
> >>> Note that the root-servers.net zone as configured on
> >>> root.verisignlabs.com is not signed, since the root-servers.net zone
> >>> would not be signed, nor would it need to be, if the root were
> >>> signed.
> >> Sorry. Perhaps I need more caffeine. Why not?
> > Validation will work without it. A validator will either be able to
> > form a chain of trust to a signed zone or it won't, and validate the
> > answer to its original query or not. A signed root-servers.net zone
> > is not a zone in that chain of trust.

But it will be eventually and "priming" queries need to work when it
is. We can either look at this now or look at it when root-servers.net
gets signed.

> Ah. I thought you were talking the more general case. Told you I
> needed more caffeine.
>
> Regards,
> -drc
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]