On Tue, 6 Feb 2018, Tero Kivinen wrote:

but this is not possible with current definition of the section 4.2,
where the DNSKEY Key Tag etc fields are mandatory. Thats why my
proposal was to make whole DNSSEC Trust Anchor Data optional.

Fixed in -06

I've submitted -05. My only question now is what to do with the
length field of both records. It now says "2 octects, unsigned integer"
but perhaps it should say "2 octets in network order" ?

In RFC7296 we have:

  All multi-octet fields representing integers are laid out in big
  endian order (also known as "most significant byte first", or
  "network byte order").

Thanks, added to the start of the section.

diff at:



IPsec mailing list

Reply via email to