[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-weiler-dnsext-dnssec-2535-compat-00.txt

To: Sam Weiler <weiler@tislabs.com>
Subject: Re: draft-weiler-dnsext-dnssec-2535-compat-00.txt
From: Roy Arends <roy@logmess.com>
Date: Sun, 2 Mar 2003 17:37:23 +0100 (CET)
Cc: namedroppers@ops.ietf.org
In-reply-to: <Pine.GSO.4.33.0303021055320.12340-100000@raven>
References: <Pine.GSO.4.33.0303021055320.12340-100000@raven>

On Sun, 2 Mar 2003, Sam Weiler wrote:

> This document describes a solution to a backwards incompatibility
> problem between DS and resolvers that understand RFC2535.  The
> proposed solution of rolling the DNSSEC RR type codes has been
> implemented and received some testing at the opt-in workshop at RIPE
> in January (see Olaf's message of 5 Feburary and the ensuing
> discussion).  The same problem may be triggered when legacy resolvers
> see proofs of delegations being in insecure spans using opt-in,
> but this has not been tested.
>
> This problem was diagnosed by Jakob Schlyter and Mark Andrews earlier
> this year, though it probably caused some of the misbehavior seen on
> testbeds and in workshops last year.

Sam,

Proposing new DNSSEC RR type codes implies upgrading resolvers,
which seems to be exactly what you wanted to avoid.

Roy

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: draft-weiler-dnsext-dnssec-2535-compat-00.txt
  - From: Sam Weiler <weiler@tislabs.com>

References:
- draft-weiler-dnsext-dnssec-2535-compat-00.txt
  - From: Sam Weiler <weiler@tislabs.com>

Prev by Date: draft-weiler-dnsext-dnssec-2535-compat-00.txt
Next by Date: Re: draft-weiler-dnsext-dnssec-2535-compat-00.txt
Previous by thread: draft-weiler-dnsext-dnssec-2535-compat-00.txt
Next by thread: Re: draft-weiler-dnsext-dnssec-2535-compat-00.txt
Index(es):
- Date
- Thread