[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
comments on draft-ietf-dnsext-dnssec-bis-updates-05
- To: IETF DNSEXT WG <namedroppers@ops.ietf.org>
- Subject: comments on draft-ietf-dnsext-dnssec-bis-updates-05
- From: Scott Rose <scottr@nist.gov>
- Date: Thu, 08 Mar 2007 11:40:59 -0500
- Organization: NIST
- User-agent: Thunderbird 1.5.0.8 (X11/20061107)
I just (quickly) read over the -05 version of the DNSSEC-bis-updates
draft. I noticed 2 typos and 1 issue that may have been resolved, but I
can't remember.
Section 2.1, second para
"...and with the singer field that's shorter than..." /singer/signer
Section 2.3 title
"Check for CNAMEa" CNAMEs or just CNAME? I don't know if that matters.
Also, I remember on thing from MSJ's DNSSEC-SO draft: In section
2.3.2.2, third bullet item (in regards to recursive caching servers):
The resolver side MUST also set the CD bit when sending queries
when the CD bit is set in the initiating query. [Note: The
current behavior for a PNE recursive resolver may be in error.]
Has this been covered in a thread? I don't remember. In my mind, it
may be necessary if there is some upstream cache in the middle. The
caching resolver still has the option (local policy) to perform
validation after sending the response back to the originator for
determining the cache status (BAD or not).
Scott
--
----------------------------------------
Scott Rose Computer Scientist
NIST
ph: +1 301-975-8439
scott.rose@nist.gov
http://www-x.antd.nist.gov/dnssec
http://www.dnssec-deployment.org/
-----------------------------------------
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>