I have one quick comment/question on draft-krecicki-dprive-dnsenc-01.
In Section 3.1 it states:
   APPLICABLE NS NAME   a <domain-name> of NSes that use this
                        key. This allows for different NSes for
                        a zone to use different keysets (eg. when
                        the secondary is operated by different
                        entity than primary). This field might
                        contain wildcard symbol '*' at any place
                        (including as a part of a single label -
                        eg. 'ns*.foo*bar.example.com'), which
                        matches zero or more characters and can
                        cross label boundaries ('ns*.example.com'
                        matches 'ns.example.com',
                        'ns1.example.com' and
                        'ns1.foobar.example.com'), single '*'
                        means any.

So the semantics of '*' is different from that of RFC1035/4592. Is
this deviation really necessary? It's not immediately clear to me
from the draft about the definite need for it, and I suspect this can
easily be a nightmare for implementers. Also, calling this a
<domain-name> might also not be very appropriate as it handles '*' in
a different way.
--
JINMEI, Tatuya
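
The following is an added example, not part of the original message or of the draft: it contrasts the '*' matching quoted from Section 3.1 with an RFC 4592-style reading, to show how much wider the draft's pattern is. The function names and the sample names beyond those quoted above are constructed, and the RFC 4592 side is simplified (it ignores the zone-dependent closest-encloser rule).

```python
import re


def _norm(name: str) -> str:
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()


def draft_match(pattern: str, name: str) -> bool:
    """Section 3.1 reading: '*' matches zero or more characters,
    anywhere in the pattern, and may cross label boundaries."""
    parts = [re.escape(p) for p in _norm(pattern).split("*")]
    return re.fullmatch(".*".join(parts), _norm(name), re.DOTALL) is not None


def rfc4592_style_match(pattern: str, name: str) -> bool:
    """RFC 4592-style reading: '*' is special only when it is the entire
    leftmost label, where it stands for one or more whole labels.
    Simplification: no closest-encloser check against zone contents."""
    p, n = _norm(pattern).split("."), _norm(name).split(".")
    if p[0] != "*":
        return p == n  # 'ns*' is an ordinary label here, not a wildcard
    parent = p[1:]
    return len(n) > len(parent) and n[len(n) - len(parent):] == parent


if __name__ == "__main__":
    # Constructed sample names, plus the ones quoted from the draft.
    pattern = "ns*.example.com"
    for candidate in (
        "ns.example.com",
        "ns1.example.com",
        "ns1.foobar.example.com",
        "ns-other.unrelated.sub.example.com",
        "mail.example.com",
    ):
        print(f"{candidate:40} draft={draft_match(pattern, candidate)!s:5} "
              f"rfc4592-style={rfc4592_style_match(pattern, candidate)}")
```

Under the draft's rule a single keyset entry for 'ns*.example.com' applies to any name that starts with "ns" and ends in ".example.com", at any depth, so an implementation cannot reuse an existing RFC 4592 wildcard matcher for this field.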