[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Q1: Should we allow name compression in the RDATA of DNSSEC RRs?

To: <namedroppers@ops.ietf.org>
Subject: Q1: Should we allow name compression in the RDATA of DNSSEC RRs?
From: "Scott Rose" <scottr@nist.gov>
Date: Tue, 11 Feb 2003 07:30:30 -0500

Though it isn't just my opinion, there seems to be some concensus around the
WG that name compression in the RDATA of the DNSSEC RRs (SIG and NXT).
Generally, that it is a not something desired.

Q:  Should the text in the Resource Records draft of the DNSSEC spec be
changed to indicated that name compression "SHOULD NOT" be used when sending
security RRs over the wire?  This only applies to the "signer's name" field
of the SIG RR and "next domain name" of the NXT RR.
    note:  "SHOULD NOT" would be the suggestion.  "MUST NOT" may be too
strong, but if that is the concensus, then that will be the language.

The same requirements should not be applied to the resolver. i.e. that
resolvers should still accept and process RRs that use name compression in
the next domain name field of the NXT RR and signer's name of the SIG RR.



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Q1: Should we allow name compression in the RDATA of DNSSEC RRs?
  - From: gson@nominum.com (Andreas Gustafsson)
- Re: Q1: Should we allow name compression in the RDATA of DNSSECRRs?
  - From: Jakob Schlyter <jakob@crt.se>

Prev by Date: Re: Questions on the new DNSSEC spec
Next by Date: Q2: crypto algorithm requirements for DNSSEC
Previous by thread: Questions on the new DNSSEC spec
Next by thread: Re: Q1: Should we allow name compression in the RDATA of DNSSECRRs?
Index(es):
- Date
- Thread