[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: implied NSEC3 support in rsasha256 (was: [dnsext] Re: Working Group Last Call for draft-ietf-dnsext-dnssec-rsasha256-05)
Dear colleagues,
Given the controversy, I've asked our AD not to proceed with IETF last
call.
Since some of those who previously asked for the -05 text to change
appear to have withdrawn their objections to the single algorithm
identifier, it appears we can go with some variation of Jelte's
proposed text. Thanks for your quick action, Jelte.
On Thu, Dec 11, 2008 at 10:39:24AM +1100, Mark Andrews wrote:
> > 5.2. Support for NSEC3 Denial of Existence
>
> Authoritatives servers is SHOULD. This allow for NSEC only servers.
> Validators is a MUST. A validator needs to be able to handle either
> NSEC or NSEC3 record or it need to treat the zone as insecure.
Mark, it would be helpful if you could provide a complete text for
consideration if you want Jelte's proposed text changed. I'm not sure
I understand the above correctly, but if I do it isn't plain to me
that it entails anything different than what Jelte had.
Best regards,
A
--
Andrew Sullivan
ajs@shinkuro.com
Shinkuro, Inc.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>