On 28.3.2017 17:47, Paul Wouters wrote: >> So again, MUST NOT is the right choice. I'm going to write tests for >> Knot Resolver to ensure we never set AD bit for zones signed using MD5. >> Right now. > > If you want to accomplish this, why not actually follow the MUST NOT and > remove MD5 support so it is treated as unsupported algorithm and also won't > get an AD bit? That way your code has no MD5 specific handling.
Sure, my message did not mention any special handling at all. The test will make sure it is removed and stays removed :-) -- Petr Špaček @ CZ.NIC _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
