If we go ahead with this these two sentences
Validating resolvers MUST treat
RRSIG records created from DNSKEY records using these algorithms as
insecure. If no other RRSIG records of accepted cryptographic
algorithms are available, the validating resolver MUST consider the
associated resource records as Bogus.
need to be replaced with
Validating resolvers MUST treat
RRSIG records created from DNSKEY records using these algorithms as an
unsupported algorithm. If no other RRSIG records of accepted cryptographic
algorithms are available, the validating resolver MUST consider the
associated resource records as Insecure.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
