[getdns-api] DANE with dnssec_return_only_secure extension

Paul Hoffman paul.hoffman at vpnc.org
Tue Jul 1 19:22:01 CEST 2014


Whoops, my mistake. Yes, your original proposal is right. We already crossed the line with GETDNS_RESPSTATUS_NO_SECURE_ANSWERS (which I now think was a mistake, but oh well), so GETDNS_RESPSTATUS_ALL_BOGUS_ANSWERS seems OK. However, we need to be clear that this means all bogus answers *for the requested name*, not for other records that might have come back with them, such as glue records that might be OK.

--Paul Hoffman
_______________________________________________
getdns-api mailing list
getdns-api at vpnc.org



More information about the spec mailing list