From 374a7f45c240fd052ea0c37024b18a67542672b5 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 8 Jul 2009 12:07:03 +0000
Subject: [PATCH] it could be worse

git-svn-id: file:///svn/unbound/trunk@1707 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/TODO | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/TODO b/doc/TODO
index 44077495a..940f2bb07 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -210,6 +210,10 @@ Triggered by a trust anchor or by a signed DS record for a zone.
     Advantage because if the zone is mildly broken, no time is spent redoing
     stuff that was fine.  Or after a spoof most other stuff is still there.
     Disadvantage.  After a sale the old data could linger for TTL time.
+  * listing bad servers and trying again may not be good enough, since
+    a combinatorial explosion for DSxDNSKEYxdata is possible for every
+    signature validation (using different nameservers for DS, DNSKEY and
+    data, assuming only the right combination has a chain of trust to data).
 
 
 later
-- 
2.47.3