%% You should probably cite draft-ietf-dnsop-dnssec-validator-requirements instead of this I-D. @techreport{mglt-dnsop-dnssec-validator-requirements-06, number = {draft-mglt-dnsop-dnssec-validator-requirements-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-mglt-dnsop-dnssec-validator-requirements/06/}, author = {Daniel Migault and Dan York and Edward Lewis}, title = {{DNSSEC Validators Requirements}}, pagetotal = 16, year = 2017, month = oct, day = 30, abstract = {DNSSEC provides data integrity and source authentication to a basic DNS RReet. Given a RRset, a public key and a signature, a DNSSEC validator checks the signature, time constraints, and other, local, policies. In case of mismatch the RRSet is considered illegitimate and is rejected. Accuracy in DNSSEC validation, that is, avoiding false positives and catching true negatives, requires that both the signing process and validation process adhere to the protocol, which begins with external configuration parameters. This document describes requirements for a validator to be able to perform accurate validation.}, }