At 9:15 AM -0400 7/14/09, Livingood, Jason wrote:
>On 7/14/09 8:58 AM, "Suzanne Woolf" <wo...@isc.org> wrote:
>
>> In this case, we're talking about resolvers replacing
>> authoritative server data with their own.
>
>Actually, I thought the case was resolvers providing an alternate response,
>where NO authoritative data exists. ??

The draft in question covers multiple scenarios, including the one in section 5.2, "Malicious Site Protection". In that scenario, the lying resolver purposely provides an alternate response when authoritative data exists but the service provider wants to protect the querier from being harmed. Thus, your response above is wrong. By grouping different scenarios together in one document, it is difficult to differentiate obviously dangerous behaviors from potentially valuable behavior that queriers might want.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop