
Re: MagicType draft



On Tue, 16 Nov 2004, Roy Arends wrote:

> I don't like subtyping in DS records, why not a different
> type altogether.

Another type that exists only at the parent side of a delegation?
And that will require special parent-finding code?  (Remember the DS
lameness and grandparent problems from two years ago?)

This would add noticeable new logic to resolvers, especially if we try
to allow both types to coexist at one delegation.  Imagine a referral
answer that includes a DS but not one of these new RR types -- would
you want the auth server to include the NSEC to prove that the new
type isn't there?  If not, resolvers will have to go issue another
query to every parent at every delegation, specifically looking for
those new types.

And there are interesting backwards compatibility issues: an auth
server that speaks DNSSECbis will only include an NSEC record in a
referral (proving lack of other types at a delegation) when there's no
DS.  What's a poor resolver that groks this new type to do?  Go pound
that parent with more queries looking for the new type?

As much as I'm a fan of changing type codes, using a new DS type
scares me.

-- Sam

--
archive: <http://ops.ietf.org/lists/namedroppers/>