[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)

To: Paul Vixie <paul@vix.com>
Subject: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
From: roy@dnss.ec
Date: Tue, 1 Jun 2004 16:52:54 +0200 (CEST)
Cc: namedroppers@ops.ietf.org
In-reply-to: <20040601143425.A9CA913DE5@sa.vix.com>
References: <20040601143425.A9CA913DE5@sa.vix.com>

On Tue, 1 Jun 2004, Paul Vixie wrote:

> if NSEC2 has a new type code (and maybe RRSIG but probably not DNSKEY) and
> if we promote "want dnssec-ter" as from hop-by-hop to end-to-end (by only
> returning cached data if it was acquired using the same flags as the current
> query) then this is all pretty simple.

DS as well, to protect non NSEC2 capable resolvers being delegated
into a NSEC2 zone.

Roy

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
  - From: Paul Vixie <paul@vix.com>

References:
- Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
  - From: Paul Vixie <paul@vix.com>

Prev by Date: Re: WGLC for DNSSECbis docs
Next by Date: RE: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
Previous by thread: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
Next by thread: Re: NSEC version field (Re: NSEC2- and an Authenticated Denial M echanism Flag)
Index(es):
- Date
- Thread