-52
RFC3090 Terminology
nVerifiable Secure
uRRset and itŐs SIG can be verified with a KEY that can be chased back to a trusted key, the
parent has a DS record
nVerifiable Insecure
uRRset sits in a zone that is not
signed and for which the parent
has no DS record (more next slide)
nBAD
uRRset and its SIG can not be verified (somebody messed with the sig, the RRset, or the
SIG expired)
uA zone and itŐs subzones are BAD
when the parentŐs SIG over
the ChildŐs key is BAD