From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 8 Jul 2009 12:07:03 +0000 (+0000)
Subject: it could be worse
X-Git-Tag: release-1.3.1^0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=374a7f45c240fd052ea0c37024b18a67542672b5;p=thirdparty%2Funbound.git

it could be worse

git-svn-id: file:///svn/unbound/trunk@1707 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/TODO b/doc/TODO
index 44077495a..940f2bb07 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -210,6 +210,10 @@ Triggered by a trust anchor or by a signed DS record for a zone.
     Advantage because if the zone is mildly broken, no time is spent redoing
     stuff that was fine.  Or after a spoof most other stuff is still there.
     Disadvantage.  After a sale the old data could linger for TTL time.
+  * listing bad servers and trying again may not be good enough, since
+    a combinatorial explosion for DSxDNSKEYxdata is possible for every
+    signature validation (using different nameservers for DS, DNSKEY and
+    data, assuming only the right combination has a chain of trust to data).
 
 
 later