Hi Philip,
On 28 Mar 2017, at 12:37, Philip Homburg wrote:
So if would be best if a validator that implements MD5 would still
return
NXDOMAIN is validation fails, but would keep the AD-bit clear even if
validation
passes for a domain signed using MD5.
In the interest of nitpick correctness, please return SERVFAIL there,
not NXDOMAIN :)
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
