+TODO
+
+* Complete CNAME response validation code.
+
+ This differs from the original Unbound code in that it can only
+ validate CNAME/DNAME chains as long as we have the exact keys for
+ each element of the chain. The Unbound (java) version solved this
+ by requerying for each element of the CNAME chain and validating
+ each element independently (that is, it could construct a chain of
+ trust to each link separately).
+
* Add way to report errors and validation failure conditions.
+ For the TAT handler, what we want is a way to fetch all of the
+ various reason why a validation failed, so it can be spit out in the
+ test results. A globally available vector of error messages? Pass
+ around a vector of error messages?
+
+* Create the TAT handler that uses this bit of code.
+
+
+