Re: section 3.2 of protocol draft
[On 08 Dec, @16:22, Jim wrote in "Re: section 3.2 of protocol dr ..."]
> No, it doesn't say "don't use the cache". Well, not to this
> mother-tongue English speaker anyway. It says "don't use cached data
> to compose or fill out an answer to a query you've not resolved". I
> think the intention here is to cover things like glue or partial
> responses from an authoritative server. If the resolving server has
> previously resolved and validated the glue or other stuff that might
> be missing from the authoritative server's response, the resolving
> server MUST NOT add these things to the reply it returns to its end
> client. That's my interpretation of this bit of the draft.
>
> Perhaps the language could be made less opaque?
Maybe the following is clearer:
A security-aware recursive name server MUST NOT attempt to answer a query by
piecing together non-validated, cached data (i.e. glue) it received in response
to previous queries that requested different QNAMEs, QTYPEs, or QCLASSes. A
security-aware recursive name server MUST NOT use NSEC RRs from one negative
response to synthesize a response for a different query. A security-aware
recursive name server MUST NOT use a previous wildcard expansion to generate a
response to a different query.
grtz
Miek
--
Serenity now!
-- Frank Costanza (Seinfeld)
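A small model of the cache discipline in the wording proposed above, as an added illustration (Python written for this thread, not from the draft or from either poster): every cached RRset carries the query tuple that produced it and whether this resolver validated it, and the compliant lookup refuses the three kinds of synthesis the text forbids while the naive lookup shows what each one looks like. The names, addresses and `SAMPLE_CACHE` entries are constructed, and wildcard matching is reduced to a suffix test.

```python
from dataclasses import dataclass

@dataclass
class CachedRRset:
    owner: str        # owner name; "*.example." marks data learned via wildcard expansion
    rtype: str        # "A", "NS", "NSEC", ...
    rdata: list
    origin: tuple     # (qname, qtype, qclass) of the query whose response carried it
    validated: bool   # True only if this resolver DNSSEC-validated the RRset itself

def query_key(qname, qtype, qclass="IN"):
    return (qname.lower(), qtype.upper(), qclass.upper())

def owner_matches(entry, qname):  # exact owner, or wildcard owner covering qname (suffix test only)
    owner = entry.owner.lower()
    if owner == qname:
        return True
    return owner.startswith("*.") and qname.endswith(owner[1:])

def naive_answer(cache, qname, qtype, qclass="IN"):
    """What the proposed text forbids: reuse any cached RRset whose owner/type fits."""
    qname, qtype, _ = query_key(qname, qtype, qclass)
    for e in cache:
        if owner_matches(e, qname) and e.rtype.upper() == qtype:
            return e
    return None

def compliant_answer(cache, qname, qtype, qclass="IN"):
    """Only reuse data that answered this exact query tuple, or that was validated."""
    key = query_key(qname, qtype, qclass)
    for e in cache:
        if not (owner_matches(e, key[0]) and e.rtype.upper() == key[1]):
            continue
        same_query = e.origin == key
        if e.rtype.upper() == "NSEC" and not same_query:
            continue  # NSEC from another negative response: no synthesis
        if e.owner.startswith("*.") and not same_query:
            continue  # previous wildcard expansion: not reusable for another QNAME
        if not (same_query or e.validated):
            continue  # non-validated glue/additional data from a different query
        return e
    return None

# Constructed sample cache (not taken from any real zone)
SAMPLE_CACHE = [
    CachedRRset("ns1.example.", "A", ["192.0.2.53"], ("www.example.", "A", "IN"), False),  # glue
    CachedRRset("a.example.", "NSEC", ["c.example. A RRSIG NSEC"], ("b.example.", "A", "IN"), True),  # negative answer
    CachedRRset("*.example.", "A", ["192.0.2.1"], ("foo.example.", "A", "IN"), True),  # wildcard expansion
]
```

A separate, validated lookup of ns1.example. A (origin equal to the query tuple) is the only thing that makes the compliant cache answer that name.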
archive: <http://ops.ietf.org/lists/namedroppers/>