[ldns-users] [PATCH 0/3] Add full validating capabilities to ldns

Miek Gieben miek at miek.nl
Tue May 22 19:06:49 UTC 2007


[On 21 May, @12:21, Jelte Jansen wrote in "Re: [ldns-users] [PATCH 0/3] A ..."]
> 1) a linked list of errors, containing for example; dname, rr type,
> error, and a link to the same structure
> 
> However, this approach is also not very flexible, and an application
> would not be able to do much more that print what went wrong (not that i
> can think of much else to do at this moment, but hey).
> 
> 2) separate the building of the dnssec trust chain and the validation of
> that chain:
> - first build a list-like structure, containing:
>     - node rrset
>     - parent type (DS or DNSKEY, if DS then there is no rrsig)
>     - parent (pointer to another instance of this structure)
>     - rrsig
> (and possibly some entries for optimization, like 'is_verified', but i
> want the base structures and algorithm right first)

I think you make a good case for the second option, so my vote would
be for number 2,


--
grtz,
  - Miek

  http://www.miek.nl
  PGP: 6A3C F450 6D4E 7C6B C23C  F982 258B 85CF 3880 D0F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20070522/4a4542a5/attachment.bin>


More information about the ldns-users mailing list