[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC-13 conclusion

To: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: NSEC-13 conclusion
From: Mark Andrews <Mark_Andrews@isc.org>
Date: Wed, 12 Dec 2007 10:12:05 +1100
Cc: Ólafur Guðmundsson /DNSEXT chair <ogud@ogud.com>, namedroppers@ops.ietf.org, townsley@cisco.com
In-reply-to: Your message of "Tue, 11 Dec 2007 12:28:29 CDT." <a06240803c38476a8aa2b@[192.168.1.101]>

> I have to ask, now that I have time to read the=20
> document, is there a reason opt-out is optional=20
> wrt to NSEC3?

You can still want to assert the non existance of a delegation.

Note: the decision of whether to include opt-out or not in NSEC3
has never been decided.  We are still in limbo state on this question.

The most recent version of this WG's "Requirements related to DNSSEC 
Signed Proof of Non-Existence" document, dated June 2006, contains 
the text:

    Editor comments: We believe that [opt-out] is a medium-priority goal or
    desire and should be considered.  Because of the similarity of this
    item to the older "opt-in signed zones" proposal, we recognize that
    consideration of this item may bog down the DNSEXT WG and that a
    decision must be made by the WG chairs.  [Section 8, "Group 5"]

If the audio records were complete I'm pretty sure I could also find the
decision to defer deciding whether NSEC3 should be part of DNSSEC or
not.
 
	Mark

> Yes I know I'm late in asking, but as things wind=20
> down I get to catch up on my reading pile.
> 
> The reason I'm asking this question is that I am=20
> concerned (meaning unable to come up with a=20
> concrete reason) about altering parameters in an=20
> operating zone.  If there are few NSEC3 records=20
> to update, I think it is okay.  But if there are=20
> millions of records, I am not so sure.
> 
> Did we consider adding text to encourage liberal use of opt-out?
> 
> At 11:26 -0500 12/11/07, =D3lafur Gu=F0mundsson /DNSEXT
>   chair wrote:
> >Namedroppers,
> >There seems to be consensus that the change is acceptable.
> >The working group is done with NSEC3.
> >
> >Mark,
> >please forward this version to the RFC-editor, for publication.
> >
> >         Olafur
> >
> >
> >--
> >to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> >the word 'unsubscribe' in a single line as the message text body.
> >archive: <http://ops.ietf.org/lists/namedroppers/>
> 
> -- 
> -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
> -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
> Edward Lewis                                                +1-571-434-5468
> NeuStar
> 
> Think glocally.  Act confused.
> 
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: NSEC-13 conclusion
  - From: roy@nominet.org.uk
- Re: NSEC-13 conclusion
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

References:
- Re: NSEC-13 conclusion
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

Prev by Date: Re: NSEC-13 conclusion
Next by Date: Fwd: I-D Action:draft-kaplan-enum-source-uri-00.txt
Previous by thread: Re: NSEC-13 conclusion
Next by thread: Re: NSEC-13 conclusion
Index(es):
- Date
- Thread