On Fri, Aug 06, 2021 at 11:21:35AM -0400, Ben Schwartz wrote: > Hi DPRIVE. I've written this up as a proper I-D at > https://datatracker.ietf.org/doc/html/draft-schwartz-ds-glue-00. Please > review. > > In addition to the precise description of how to extend "DS" in this way, > there's also some text explaining how this interacts with DANE and PKI > authentication, making creative use of NSEC for performance.
I am confused about the NSEC parts. - Usually NSEC lists the next name and present types for current name. - In this draft, it seems to be list of types that are not present. - In this draft, I do not see any explanation on how the name in the NSEC record should be set. In the examples, it seems to be the set to full owner name. - The draft mentions NSEC3 too, but as far as I can see, no explanation or examples of its use. -Ilari _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
