Ólafur Guðmundsson <ola...@cloudflare.com> wrote:

> Tony: the draft says right now: [...]
>
> Is that not sufficient ?

The most relevant bit in the current draft is:

   If the DNS query includes DO=1 and the QNAME corresponds to a zone
   that is known by the responder to be signed, a valid RRSIG for the
   RRSets in the answer section MUST be returned.

which does in fact imply that you can leave the RRSIGs out when DO=0
if you read it properly (which I evidently failed to do!) but it's
probably worth saying so explicitly.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Sole, Lundy, Fastnet: West gale 8 to storm 10, decreasing 6 to gale 8,
occasionally 11 at first except in Sole. Very high or phenomenal, becoming
very rough or high. Squally showers. Moderate or poor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
