Mark Andrews <ma...@isc.org> wrote: > > An organisation can also deploy DLV for their own zones using their own > registry. While the current code DLV validating code is only invoked > when the response validates as insecure, there is nothing preventing a > policy which says that DLV trumps or must also validate for entries in a > registry. At this stage is would be a minor code change to add such > policy knobs. DLV is a just a in-band way of distributing trust > anchors.
Yes (as Mark knows) I would like to be able to use DLV in this enterprisey way. It should also help validators to continue working for local domains when external connectivity is funted. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ East Sole, Lundy, Fastnet, Irish Sea: Southeasterly 4 or 5. Rough or very rough, but slight or moderate in Irish Sea. Mainly fair. Good, occasionally poor.
