[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q-03: inclusion of KEY records in additional records section

To: namedroppers@ops.ietf.org
Subject: Re: Q-03: inclusion of KEY records in additional records section
From: Paul Vixie <paul@vix.com>
Date: Thu, 24 Apr 2003 05:44:07 +0000
In-reply-to: Message from Ólafur Guðmundsson <ogud@ogud.com> of "Wed, 23 Apr 2003 22:06:39 -0400."<5.1.1.6.2.20030423144112.020542f8@localhost>

> Listed below in order of frequency of inclusion of KEY RRset
> in additional section:
> 	1. Always include covering KEY
> 	2. Include covering KEY on referral only
> 	3. Never
> Please express preference on which rule to pick, and why.

#3.  the time the KEY is needed is the first time a validator sees a SIG
with that keyname.  there is no way for a server to know when that's 
occuring.  including it every time the SIG is exposed (as in #1 above)
would waste resources.  including it only in the case of a referral (#2
above) misses the target since the next key the validator will need is
in the child zone and won't be the one you're including.

> Should inability to include one or both of the KEY RRsets cause the
> TC bit to be set ? (RFC2535 said no)

no.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: Q-03: inclusion of KEY records in additional records section
  - From: David Blacka <davidb@verisignlabs.com>

References:
- Re: Q-03: inclusion of KEY records in additional records section
  - From: Ólafur Guðmundsson <ogud@ogud.com>

Prev by Date: Re: Proposed Resolution to LLMNR Issue 33: PTR via Unicast
Next by Date: Re: Q-03: inclusion of KEY records in additional records section
Previous by thread: Re: Q-03: inclusion of KEY records in additional records section
Next by thread: Re: Q-03: inclusion of KEY records in additional records section
Index(es):
- Date
- Thread