Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

2017-08-11 Thread Richard Gibson
I'm assuming there's a very obvious answer to this question, but what would break if unsigned wildcard caching were covered by allowing DNSSEC-independent NSEC (and therefore https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse )?
$ cat zones/github.io
; apex records
github.io. 900 IN

Re: [DNSOP] New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

2017-08-11 Thread Paul Hoffman
On 11 Aug 2017, at 7:39, Matthew Pounsett wrote:
> It sounds like you're assuming that SWILD would be supported by caching
> servers that do not support DNSSEC or NSEC aggressive use. Why do you
> expect implementers would adopt SWILD before adopting these much older
> features?

This is my top

Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-swild-rr-type-00.txt

2017-08-11 Thread Matthew Pounsett
On 11 August 2017 at 01:02, Lanlan Pan wrote:
>
>> We can get even better behavior from aggressive NSEC use. Here are
>> advantages of aggressive NSEC use:
>> - does not require changes to existing authoritatives or signed zones
>> - less fragile (if we consider manual SWILD