[getdns-api] some early API comments

Evan Hunt each at isc.org
Tue Jan 22 10:48:38 MST 2013


> Evan: you seem to be hoping that this API will solve a problem that the
> DNSEXT WG has not been willing to deal with for many years.

It would solve one such problem merely by existing. :)

> If so, your hope is misplaced. If that problem can be addressed *in a way
> that is easy and clear to application developers*

I'm puzzled by this comment. You have a mechanism for asking a resolver for
data *without* doing local validation, but it only returns the data,
without any guidance about its integrity.  And then you also have a
mechanism for doing local validation and returning such guidance.

As a BIND author, I've been asked more than once for a mechanism to inspect
validation results obtained by the resolver. Essentially this just skips
over the middle step of doing the validation internally, and passes the
guidance directly from resolver to client.  That seems like it ought to be
easy and clear enough, from an application standpoint.

I do recognize the validity of Joe's objections; I'm apparently more
comfortable than he is relying on a resolver running on localhost,
but a higher level of concern is certainly not unreasonable.  But it
*is* a thing I've been asked for by application developers, so I'm
passing that information along.

(I'm content with the notion that this should be relegated to context
and therefore infrequently used, though.)

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
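
Added example, not part of the original message and not getdns or BIND code: a sketch of a client taking validation guidance directly from the resolver by reading the AD (Authenticated Data) bit of the DNS response header, and honoring it only when the resolver is on localhost, the trust assumption discussed above. The function names, result labels and sample headers are hypothetical and constructed for illustration.

```python
import ipaddress
import struct

# DNS header flag masks (RFC 1035 section 4.1.1; AD bit per RFC 4035).
QR, TC, AD, RCODE_MASK = 0x8000, 0x0200, 0x0020, 0x000F
SERVFAIL = 2


def sample_header(txid: int, flags: int) -> bytes:
    """Constructed 12-byte DNS header only: one question, one answer."""
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)


def resolver_guidance(response: bytes, txid: int, resolver_ip: str) -> str:
    """Classify a response by the validation result the resolver reports.

    Returns "secure", "unverified-path", "not-validated" or "failed".
    """
    if len(response) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & QR):
        raise ValueError("not a response to our query")
    if flags & TC:
        raise ValueError("truncated; retry over TCP before judging")
    if (flags & RCODE_MASK) == SERVFAIL:
        # A validating resolver answers SERVFAIL for data that fails
        # validation, but also for unrelated failures; never use the data.
        return "failed"
    if not (flags & AD):
        # The resolver did not validate, or the zone is unsigned.
        return "not-validated"
    if ipaddress.ip_address(resolver_ip).is_loopback:
        # Assumption: a resolver on localhost is inside the trust boundary.
        return "secure"
    # AD arrived over a network path that an attacker could have altered.
    return "unverified-path"


if __name__ == "__main__":
    hdr = sample_header(0x1A2B, 0x81A0)  # QR | RD | RA | AD, NOERROR
    for ip in ("127.0.0.1", "::1", "192.0.2.53"):
        print(ip, resolver_guidance(hdr, 0x1A2B, ip))
```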

