On Tue, Jul 27, 2021 at 4:35 PM Shumon Huque <[email protected]> wrote:
> Folks, > > While we have the attention of DNSOP folks this week, I'd like to ask for > review of this draft (I meant to send it earlier in time for f2f discussion > on Tuesday, but better late than never). > > > https://datatracker.ietf.org/doc/html/draft-huque-dnsop-blacklies-ent-01 > > That's interesting, and I'm definitely in favor of continuing this work. A couple of quick questions: - Are there distinctions between NSEC and NSEC3, where ENTs and/or negative proofs result in different response sets? - Would it make sense to include the synthetic ENT RR as an actual RR in the unsigned zones for such names (i.e. which, absent this record, would be ENTs)? - Does it make sense to harmonize the resulting answers across both "black lies" and pre-signed zones? - That harmonizing might be advisable and/or necessary in a multi-signer universe where one provider is statically signing, and the other is dynamically signing Presumably this would get added to the set of types that must not co-exist with any other type, and must be singletons. Brian
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
