On 2 Jul 2017, at 20:53, Mark Andrews wrote:

There are three things that made it hard to deploy new features.

1) Firewall vendors shipping firewalls with ridiculously strict rules
   with zero evidence that they are needed.

2) Misimplementation of STD 13 and RFC 2671 by nameserver vendors.

3) Unknown EDNS option behaviour was not well defined by RFC 2671;
   this is addressed in RFC 6891.

1 and 2 made it impossible to do a clean update from RFC 2671 to
RFC 6891 which tightened the unknown EDNS option behaviour.  Proper
implementation of RFC 2671 would have allowed the EDNS version 1
to be used to signal that RFC 6891 unknown option behaviour is
required.

I don't see how adding a capabilities option will help here when
the primary problem is bad code.

I do. The fact that some middleboxes and servers have bad code doesn't mean that all of them do.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
