[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3

To: Paul Hoffman <paul.hoffman@vpnc.org>, namedroppers@ops.ietf.org
Subject: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3
From: Alex Bligh <alex@alex.org.uk>
Date: Fri, 12 Dec 2008 10:39:06 +0000
Cc: Alex Bligh <alex@alex.org.uk>
In-reply-to: <p06240815c5678ad257cc@[10.20.30.158]>
References: <p06240815c5678ad257cc@[10.20.30.158]>
Reply-to: Alex Bligh <alex@alex.org.uk>

--On 11 December 2008 19:51:18 -0800 Paul Hoffman <paul.hoffman@vpnc.org>wrote:

If so, draft-ietf-dnsext-dnssec-bis-updates should say so, given that we
want that document to reflect reality.


If we are taking the position that rsasha256 etc. should only get
one algorithm number, it seems to me that this is argument must
effectively be predicated on the belief that supporting NSEC3
in validators is required "in the real world" to exactly the same
extent as supporting NSEC. Given the above draft sets out what is required
"in the real world" (for the same value of "real world" as before),
I think +1.

Alex

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3
  - From: Paul Hoffman <paul.hoffman@vpnc.org>

Prev by Date: Re: [dnsext] one algorithm number or two
Next by Date: Re: [dnsext] one algorithm number or two
Previous by thread: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3
Next by thread: Re: [dnsext] draft-ietf-dnsext-dnssec-bis-updates and NSEC3
Index(es):
- Date
- Thread