On Mon, Jul 30, 2018 at 11:03:25AM +1000, Mark Andrews wrote: > Actually it needs to be a type code. How do you hash the TXT RRset and > RRSIG(TXT) RRset when you need to modify both of them after computing the > hash? You need to be able to cleanly exclude the records from the ZONEMD / > XHASH calculations but have a indication that it is present in the zone > (NSEC/NSEC3 bit map).
You omit the relevant TXT rrset (_zonehash./TXT, or whatever) when computing the hash for the remainder of the zone. Using a type code is obviously more convenient, but I could implement a zone verification hash without it and so could you. SO, ZONEMD only needs expert review. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop