Re: Transition from 2535 to opt-in



At 5:50 AM -0500 12/5/01, Ted Lindgreen wrote:
>OptIn: if OptIn, why not just forget NXT?

The question of whether "authenticated denial is desired" has been answered
"yes" a number of times over the past year or so.  The question has been
raised by the WG chair on the list and in person at London.  So it appears
that there is a desire to provide the service.  (Why?  I don't know.)

Opt-In allows those who want authenticated denial to have that service.
Because opt-in has a means to indicate when it is in use, there is no
ambiguity on the part of the resolver when it comes to understanding the
situation.  Signalling opt-in is done by the lack of the NXT bit in the NXT
RRDATA's type bitmap.  I think this is a solid but expensive way to
indicate the status.

Solid in terms of its indication - there is only one bit involved to
communicate yes/no, so there is no conflict possible in the resolver's
processing.  Unlike trying to tag the zone key set to indicate the way a
zone operates, which means multiple bits indicating a yes/no status, this
indication leaves no room for ambiguity.

Expensive in that this mechanism can only be done once.  If we use the NXT
bit in the bitmap for this purpose, it can't be done again.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

Opinions expressed are property of my evil twin, not my employer.
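
The single-bit signal described in the message above, as an added example that is not part of the original post: a resolver-side check that decodes an NXT RDATA type bitmap and reports opt-in when the NXT bit is absent. Assumptions not stated in the post: the NXT type code (30) and bitmap layout are taken from RFC 2535 section 5.2, the next domain name is uncompressed, the function names are hypothetical, and both sample RDATA values are constructed.

```python
NXT_TYPE = 30  # RR type code of NXT per RFC 2535 (assumption, not from the post)

def split_nxt_rdata(rdata):
    """Split NXT RDATA into (next domain name, type bitmap bytes)."""
    labels, pos = [], 0
    while True:
        if pos >= len(rdata):
            raise ValueError("truncated next domain name")
        length = rdata[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length & 0xC0:        # compression pointers need the full message
            raise ValueError("compressed or extended label not handled")
        if pos + length > len(rdata):
            raise ValueError("truncated label")
        labels.append(rdata[pos:pos + length].decode("latin-1"))
        pos += length
    return ".".join(labels) + ".", rdata[pos:]

def types_in_bitmap(bitmap):
    """Decode the one-bit-per-type map; bit 0 is the MSB of the first octet."""
    if not bitmap:
        raise ValueError("empty type bitmap")
    if bitmap[0] & 0x80:
        raise ValueError("bit 0 set: a different bitmap format is in use")
    if bitmap[-1] == 0:
        raise ValueError("trailing zero octets are prohibited")
    return {i * 8 + bit
            for i, octet in enumerate(bitmap)
            for bit in range(8)
            if octet & (0x80 >> bit)}

def nxt_signals_opt_in(rdata):
    """True when the NXT bit is missing from the bitmap (the opt-in signal)."""
    _, bitmap = split_nxt_rdata(rdata)
    return NXT_TYPE not in types_in_bitmap(bitmap)

# Constructed samples: next name b.example., types NS(2) and SIG(24),
# with and without the NXT(30) bit.
NEXT_NAME = b"\x01b\x07example\x00"
SAMPLE_2535 = NEXT_NAME + bytes.fromhex("20000082")    # NXT bit present
SAMPLE_OPT_IN = NEXT_NAME + bytes.fromhex("20000080")  # NXT bit absent

if __name__ == "__main__":
    for name, rdata in (("2535", SAMPLE_2535), ("opt-in", SAMPLE_OPT_IN)):
        print(name, "opt-in" if nxt_signals_opt_in(rdata) else "authenticated denial")
```
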