[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)

To: namedroppers@ops.ietf.org
Subject: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
From: Paul Vixie <paul@vix.com>
Date: Thu, 27 May 2004 18:19:20 +0000
In-reply-to: Message from Roy Badami <roy@gnomon.org.uk> of "Thu, 27 May 2004 10:23:16 +0100." <16565.45956.205803.87821@giles.gnomon.org.uk>

> ...  I am assuming that DNSSECbis is modified so NSEC RRs
> contain a version field, which is set to 1 (say).

please don't do this.  find a signalling method, such as a dnskey
algorythm id or some existing MBZ field, that will allow new negative
signatures in the future (such as the one we're calling NSEC2) but
that will not require the dnssec-bis docset to be recut yet again.

changes to the dnssec-bis docset at this stage should be because of
document or protocol quality issues, not because of design changes
in the protocol itself.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>

References:
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
  - From: Roy Badami <roy@gnomon.org.uk>

Prev by Date: Re: Confirming the Nominet position
Next by Date: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
Previous by thread: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
Next by thread: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial Mechanism Flag)
Index(es):
- Date
- Thread