[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[dnsext] Re: implied NSEC3 support in rsasha256

To: Jelte Jansen <jelte@NLnetLabs.nl>
Subject: [dnsext] Re: implied NSEC3 support in rsasha256
From: Wes Hardaker <wjhns1@hardakers.net>
Date: Wed, 10 Dec 2008 16:15:38 -0800
Cc: Peter Koch <pk@DENIC.DE>, IETF DNSEXT WG <namedroppers@ops.ietf.org>
In-reply-to: <493FE3B6.5020807@NLnetLabs.nl> (Jelte Jansen's message of "Wed, 10 Dec 2008 16:43:50 +0100")
Organization: Sparta
References: <Pine.LNX.4.64.0809301237230.27246@mint> <200812090324.mB93OARV045445@drugs.dv.isc.org> <20081209143420.GA8932@shinkuro.com> <20081210030636.GA565@sirocco.local> <20081210150817.GC30676@unknown.office.denic.de> <493FE3B6.5020807@NLnetLabs.nl>
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux, no MULE)

>>>>> On Wed, 10 Dec 2008 16:43:50 +0100, Jelte Jansen <jelte@NLnetLabs.nl> said:

JJ> in waiting for the chairs, i preemptively wrote this earlier today:

I was one of the LC reviewers that took issue with that section.  I
think that text looks good and avoids both the cost of allocating a new
type as well as mandating NSEC3.  Simply recognizing it and discarding
the results as unsigned seems like a good compromise so I'm all for the
new wording-ish.  I think marc's comments about what types of
applications (servers vs validating clients) should be taken into
consideration though.

I don't see the need to do a new LC since this is still resolving the
same issues from the last LC.  Part of the problem with the previous
text that was flagged by a few of us is that it wasn't explained.  Had
an explanation been in the text we probably would have still flagged it
as problematic but with a different complaint.
-- 
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Sam Weiler <weiler@tislabs.com>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Mark Andrews <Mark_Andrews@isc.org>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Andrew Sullivan <ajs@shinkuro.com>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Matt Larson <mlarson@verisign.com>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Peter Koch <pk@DENIC.DE>
- Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
  - From: Jelte Jansen <jelte@NLnetLabs.nl>

Prev by Date: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Next by Date: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Previous by thread: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Next by thread: Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Index(es):
- Date
- Thread