Re: Q-6: May security-aware resolvers cache "Bad" data?
I'm not really trying to have a debate here, the point was to ask the
WG a question. However, since Greg's comments suggest that the
context of the question may have been unclear, one clarification:
At 28 Feb 2003 21:23:30 -0500, Greg Hudson wrote:
> ...
> It sounds like the text is trying to prevent a security-aware
> caching server from providing bad responses to a stub resolver, and
> that's important for people who want to use security aware local
> caching recursive resolvers in concert with old native stub
> resolvers.
The text I'm asking about forbids the security-aware resolver itself
from caching "Bad" data, regardless of what it's going to do with that
data or whether it's ever going to send that data anywhere.
What data a security-aware recursive name server is allowed to send
to a resolver is a separate matter, addressed elsewhere. As far as I
know, nobody's suggesting that a security-aware recursive name server
should send "Bad" data in a response except perhaps when responding to a
query with the CD bit turned on. Different issue.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>