> If the verification fails, it should respond "Bogus"
> If the resolver does not get enough data to do the verification, then the
> resolver which weak trust anchor should respond with "insecure" DNS
> package. It is up to end-user or netizens to decide what to do next.

If the resolver didn't get enough data, but should have, then the validation
failed and the answer is bogus. Your proposal effectively promotes all bogus
answers to insecure.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
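
The distinction drawn in the reply above, as an added example that is not part of the original message: a simplified model of the secure / insecure / bogus decision (the indeterminate state of RFC 4035 is left out) compared with the quoted proposal. All names (`Response`, `standard_status`, `proposed_status`, `without_signatures`) and the sample cases are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, replace
from enum import Enum

Status = Enum("Status", "SECURE INSECURE BOGUS")
# DS state at one delegation: validated DS, validated NSEC/NSEC3 proof that
# no DS exists (unsigned delegation), or neither of the two.
DS = Enum("DS", "PRESENT PROVEN_ABSENT MISSING")
Sig = Enum("Sig", "VALID INVALID MISSING")   # RRSIG covering the answer

@dataclass(frozen=True)
class Response:          # hypothetical model, constructed for this example
    ds_chain: tuple      # DS state per delegation below the trust anchor
    sig: Sig

def standard_status(r):
    """Data that should exist but is missing counts as a validation failure."""
    for ds in r.ds_chain:
        if ds is DS.PROVEN_ABSENT:
            return Status.INSECURE      # signed proof that the chain of trust ends
        if ds is DS.MISSING:
            return Status.BOGUS         # no DS and no proof of its absence
    return Status.SECURE if r.sig is Sig.VALID else Status.BOGUS

def proposed_status(r):
    """The quoted proposal: not enough data to verify means insecure."""
    for ds in r.ds_chain:
        if ds is not DS.PRESENT:
            return Status.INSECURE
    if r.sig is Sig.MISSING:
        return Status.INSECURE
    return Status.SECURE if r.sig is Sig.VALID else Status.BOGUS

def without_signatures(r):
    """The same answer as the resolver sees it when the RRSIGs never arrive."""
    return replace(r, sig=Sig.MISSING)

def compare(r):
    return standard_status(r), proposed_status(r)

if __name__ == "__main__":
    signed = (DS.PRESENT, DS.PRESENT)
    cases = {
        "valid answer, signed zone": Response(signed, Sig.VALID),
        "bad signature, signed zone": Response(signed, Sig.INVALID),
        "same answer, signatures missing": without_signatures(Response(signed, Sig.INVALID)),
        "unsigned delegation, proven": Response((DS.PRESENT, DS.PROVEN_ABSENT), Sig.MISSING),
    }
    for name, r in cases.items():
        std, prop = compare(r)
        print(f"{name:34} standard={std.name:9} proposed={prop.name}")
```

Under the proposed rule, any answer that fails validation is reported as insecure once its signatures or DS records are absent, which is the promotion from bogus to insecure that the reply describes.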