Re: NSEC-13 conclusion

[Edward Lewis <Ed.Lewis@neustar.biz>]

At 10:12 +1100 12/12/07, Mark Andrews wrote:

> You can still want to assert the non existance of a delegation.

If you want to do that, just put an TXT record there saying "Na na 
nana nah" and sign it.  (DNSSEC isn't about asserting anything, it's 
about being able to verify something.)

> Note: the decision of whether to include opt-out or not in NSEC3
> has never been decided.  We are still in limbo state on this question.

Well, then let's leave the doc as it is and be done with it.

> The most recent version of this WG's "Requirements related to DNSSEC
> Signed Proof of Non-Existence" document, dated June 2006, contains
> the text:

If it never made it to consensus, then I wouldn't worry about it.

(http://tools.ietf.org/html/draft-ietf-dnsext-signed-nonexistence-requirements-03)

>     Editor comments: We believe that [opt-out] is a medium-priority goal or
>     desire and should be considered.  Because of the similarity of this
>     item to the older "opt-in signed zones" proposal, we recognize that
>     consideration of this item may bog down the DNSEXT WG and that a
>     decision must be made by the WG chairs.  [Section 8, "Group 5"]
>
> If the audio records were complete I'm pretty sure I could also find the
> decision to defer deciding whether NSEC3 should be part of DNSSEC or
> not.

I don't see the point of worrying about this, it seems like the WG 
has already agreed to nsec3-13.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>