Re: NSEC2- and an Authenticated Denial Mechanism Flag (was: NSEC+ and NO)

[roy@dnss.ec]

On Tue, 25 May 2004, Roy Badami wrote:

> However I think I concur with something that I think someone else in
> this thread (sorry, I forget who) had in mind a while back: _if_ any
> changes are going to be made to the spec at this stage, the one change
> that should seriously be contemplated is introducing a mechanism
> allowing a zone to declare (on a per-zone basis) what authenticated
> denial mechanism they use.

You can't declare anything 'by zone'. A resolver is _completely_clueless_
about zone concept. A zone in merely space delegate to an entity minus
subspace delegated by that entity.

If, big if, anything can be declared by zone (similar like SOA), how would
you proof that record exist ? or not exist ?

Roy


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>