[ldns-users] [PATCH 0/3] Add full validating capabilities to ldns
Miek Gieben
miek at miek.nl
Tue May 22 19:06:49 UTC 2007
[On 21 May, @12:21, Jelte Jansen wrote in "Re: [ldns-users] [PATCH 0/3] A ..."]
> 1) a linked list of errors, containing for example; dname, rr type,
> error, and a link to the same structure
>
> However, this approach is also not very flexible, and an application
> would not be able to do much more that print what went wrong (not that i
> can think of much else to do at this moment, but hey).
>
> 2) separate the building of the dnssec trust chain and the validation of
> that chain:
> - first build a list-like structure, containing:
> - node rrset
> - parent type (DS or DNSKEY, if DS then there is no rrsig)
> - parent (pointer to another instance of this structure)
> - rrsig
> (and possibly some entries for optimization, like 'is_verified', but i
> want the base structures and algorithm right first)
I think you make a good case for the second option, so my vote would
be for number 2,
--
grtz,
- Miek
http://www.miek.nl
PGP: 6A3C F450 6D4E 7C6B C23C F982 258B 85CF 3880 D0F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20070522/4a4542a5/attachment.bin>
More information about the ldns-users
mailing list