Re: [DNSOP] Definition of "validating resolver"

2015-03-12 Thread Florian Weimer
* Ted Lemon: > On Mar 8, 2015, at 6:31 PM, Ralf Weber wrote: >> I was told that the difference is that a security aware resolver does >> not validate, but instead relies on the "Validating Stub Resolver" to >> protect the user. So it would handle all the DNSSEC processing to the >> authoritative

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Mark Andrews
In message <54fdb221.8020...@nlnetlabs.nl>, Willem Toorop writes: > I'd like to maintain the term exactly as specified in RFC4033 > (understanding DNSSEC but not validating), because it comes in use when > talking about validating stubs. > > Some network operators don't know or care about DNSSEC

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Willem Toorop
I'd like to maintain the term exactly as specified in RFC4033 (understanding DNSSEC but not validating), because it comes in use when talking about validating stubs. Some network operators don't know or care about DNSSEC and do not equip their network's resolver with a trust anchor. Such a resolv

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Tony Finch
Paul Hoffman wrote: > On Mar 9, 2015, at 3:45 AM, Tony Finch wrote: > > > > Paul Hoffman wrote: > >> > >> My personal interpretation is that "validating resolver" is a synonym > >> for "security-aware resolver". Do others agree? If not, how would you > >> differentiate them? > > > > No, "securit

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Paul Hoffman
Thanks, but I'm having a hard time grokking this. It seems others on the list are as well. On Mar 9, 2015, at 3:45 AM, Tony Finch wrote: > > Paul Hoffman wrote: >> >> My personal interpretation is that "validating resolver" is a synonym >> for "security-aware resolver". Do others agree? If not

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Ted Lemon
On Mar 8, 2015, at 6:31 PM, Ralf Weber wrote: > I was told that the difference is that a security aware resolver does > not validate, but instead relies on the "Validating Stub Resolver" to > protect the user. So it would handle all the DNSSEC processing to the > authoritative and would store the

Re: [DNSOP] Definition of "validating resolver"

2015-03-09 Thread Tony Finch
Paul Hoffman wrote: > > My personal interpretation is that "validating resolver" is a synonym > for "security-aware resolver". Do others agree? If not, how would you > differentiate them? No, "security-aware" means that the software understands the special semantics of RRSIG, NSEC, DS, etc. but d

Re: [DNSOP] Definition of "validating resolver"

2015-03-08 Thread Ralf Weber
Moin! On Sun, Mar 08, 2015 at 12:21:49PM -0700, Paul Hoffman wrote: > Greetings again. Paul Wouters noticed an inconsistency in the terminology > draft, and upon investigation, I believe it is a problem (hopefully > fixable) with the definitions in RFC 4033. RFC 4033 and 4035 use the term > "vali

Re: [DNSOP] Definition of "validating resolver"

2015-03-08 Thread Paul Wouters
On Sun, 8 Mar 2015, Paul Hoffman wrote: My personal interpretation is that "validating resolver" is a synonym for "security-aware resolver". Do others agree? If not, how would you differentiate them? I agree :) Two other issues I noticed when trying to rewrite my draft to stick to terms in t

[DNSOP] Definition of "validating resolver"

2015-03-08 Thread Paul Hoffman
Greetings again. Paul Wouters noticed an inconsistency in the terminology draft, and upon investigation, I believe it is a problem (hopefully fixable) with the definitions in RFC 4033. RFC 4033 and 4035 use the term "validating resolver" in a few places. However, RFC 4033 never defines that. RFC