In message <[EMAIL PROTECTED]>, Pekka Savola writes:
> On Fri, 14 Nov 2008, Mark Andrews wrote:
> >> How does an application do "accept if signed and validated by DNSSEC"?
> >
> > You validate the CERT RRset using the techniques in RFC
> > 4033, 4034 and 4035. If the answer is "secure" then it was
> > signed and validated. You the match offered cert to the CERT
> > RRs using the information from RFC 4398.
> >
> > Do you need more detail or is that enough guidance?
>
> I was interested in more detail, specifically, are there application
> interfaces an application could use, or every app need to implement
> validation using 4033-5 techniques (a lot of work, and most would
> probably do it wrong)?
There are a number of libraries available which can do
dnssec validation.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
