Update to DNSSEC design document.
Carlos O'Donell
carlos@redhat.com
Thu May 21 15:23:43 GMT 2020
On 5/21/20 4:48 AM, Petr Špaček wrote:
> On 21. 05. 20 10:27, Alexander Monakov wrote:
>> On Thu, 21 May 2020, Petr Špaček wrote:
>>
>>> In my optinion:
>>> - AD bit stripping ensures the application can trust the answer (which is
>>> exactly tu purpose of AD bit).
>>
>> I don't see how absence of AD bit implies that the application can trust the
>> answer, and I think you and Rich are talking from different standpoints here.
>
> No, this is misunderstandig. It is exactly the opposite, see below.
I've updated the wiki to indicate the RES_TRUSTAD feature was released
in glibc 2.31 on 2020-02-01.
We should start a distinct thread to discuss specific issues.
Such discussions should start from first principles, point out relevant
standards (as are pointed out in this discussion, thank you Petr), and
why the glibc implementation has a particular failing, and what an
alternative solution would look like.
Thanks.
--
Cheers,
Carlos.
More information about the Libc-alpha
mailing list