return address for failed DNSSEC validation
Barry Margolin
barmar at alum.mit.edu
Fri Mar 12 01:44:36 UTC 2010
In article <mailman.792.1268343500.21153.bind-users at lists.isc.org>,
Mark Andrews <marka at isc.org> wrote:
> No. It's I've tried real hard to get you a answer which is not a
> forgery but I can't.
Not really. It's "I've tried real hard to get you an answer that I can
*tell* is not a forgery, but I can't." When validation fails, which is
really more likely, that it's a forgery or that the DNS administrator
screwed up?
When website admins mess up certificates, the browser alerts the user
and gives them the option of ignoring the error. DNSSEC validation
doesn't have the same kind of continuation option.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list