Re: Wrapup: DNSSECbis Q-8: Non-zone KEY RR at the apex.
> > E.g. "A DNS server compliant with this specification MUST NOT serve a KEY
> > RR which has the Zone Key bit set unless that KEY RR is at the zone
> > apex. A DNS server MUST set the Zone Key bit for all KEY RRs which are at
> > the zone apex."
>
> Er, no. The zone content is the zone content, and the name server
> doesn't get to modify it on the fly (among other reasons, because
> doing so would invalidate the signatures).
I took this to mean "shall refuse to serve a zone without this property,
for example issuing an error and refusing to load or reload a zone if this
condition is not satisfied."
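The load-time reading described in the reply above, as an added example that is not part of the original message or of any name server's code: the loader accepts the zone unchanged or refuses it, so no record is rewritten and no signature is invalidated. The simplified one-record-per-line zone format, the function names, and the Zone Key flag value 0x0100 (bit 7 of the flags field, as in RFC 4034) are assumptions.

```python
ZONE_KEY = 0x0100  # assumption: Zone Key flag is bit 7 of the 16-bit flags field

class ZoneRejected(Exception):
    """Raised instead of serving a zone that violates the apex rule."""

def norm(name):
    # DNS names compare case-insensitively; treat a missing trailing dot as absolute.
    return name.lower().rstrip(".") + "."

def key_violations(origin, zone_text):
    """Return (owner, flags, reason) for every KEY RR that breaks the rule."""
    apex = norm(origin)
    bad = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        # Constructed, simplified format: owner TTL class type rdata...
        if len(fields) < 5 or fields[3].upper() != "KEY":
            continue
        owner, flags = norm(fields[0]), int(fields[4])
        is_zone_key = bool(flags & ZONE_KEY)
        if is_zone_key and owner != apex:
            bad.append((owner, flags, "Zone Key bit set below the apex"))
        elif not is_zone_key and owner == apex:
            bad.append((owner, flags, "apex KEY without Zone Key bit"))
    return bad

def load_zone(origin, zone_text):
    """Accept the zone exactly as written or refuse it; never modify a record."""
    bad = key_violations(origin, zone_text)
    if bad:
        raise ZoneRejected("; ".join(f"{o} flags={f}: {r}" for o, f, r in bad))
    return zone_text

# Constructed sample zones (key material is a placeholder).
SAMPLE_OK = """\
example.com. 3600 IN SOA ns.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN KEY 256 3 5 AQPconstructed==
host.example.com. 3600 IN KEY 0 3 5 AQPconstructed==
"""
SAMPLE_BAD = """\
example.com. 3600 IN KEY 0 3 5 AQPconstructed==
Host.Example.COM. 3600 IN KEY 256 3 5 AQPconstructed==
"""

if __name__ == "__main__":
    load_zone("example.com.", SAMPLE_OK)
    try:
        load_zone("example.com.", SAMPLE_BAD)
    except ZoneRejected as err:
        print("refusing to load zone:", err)
```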