On Mon, Feb 29, 2016 at 4:03 PM, Warren Kumari <[email protected]> wrote:
>
> On Mon, Feb 29, 2016 at 10:04 AM Shane Kerr <[email protected]>
> wrote:
>
>> Ed,
>>
>> At 2016-02-29 14:34:39 +0000
>> Edward Lewis <[email protected]> wrote:
>> > I don't think I was clear - this is only about the DNS protocol. This
>> > document proposes that the DNS protocol behave differently depending on
>> > the data being carried (QNAME) in its own messages.
>>
>> [...]
>>
>> > This isn't about processing different values differently, this is about
>> > changing the behavior of the protocol based on environmental factors.
>> >
>> Ah. So you don't like identifying magic zones (other than in-addr.arpa,
>> ip6.arpa, .example, .local, ...). Fair enough.
>>
>> But AIUI, the proposal is an observation that Fujiwara's
>> NXDOMAIN-from-NSEC proposal can be implemented safely today for the root
>> zone, so we may as well go ahead and do that while considering wider
>> usage.
>>
>
> Yup. I believe we should still pursue Fujiwara's document, but that is
> likely to take a significant time, and there are hurdles to overcome. This
> document limits things to a subset where we know things work correctly (and
> seem OK within 4035) - once we have demonstrated that things work OK here,
> it paves the way for more aggressive NSEC.
>

Warren,

Can you list the issues you think need addressing in Fujiwara's document
other than saying that zones signed with "Opt-out" there will be gaps where
the technique can be applied, but gaps with opt-out bit set cannot be
protected.

Thus I consider your document a distraction, we should push the general
solution not a special case.

Olafur
