On Oct 24, 2005, at 19:20 , Paul Vixie wrote:
NSEC3 agents behind pre-NSEC3 middleboxes will have to make a thirdquery to fetch the NSEC3, based on bits they see in the zone apex data,
Huh?How will these client know the QNAME, QTYPE, [QCLASS] at which to find that NSEC3 record???
Its worse than with DNSSECbis.. You will never know where to find a missing NSEC3 (I think).
--Olaf ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/
Attachment:
PGP.sig
Description: This is a digitally signed message part