
nsec++: type code zero again



Minor issue with the new text for handling of type code zero in
NSEC++.  draft-ietf-dnsext-nsec-rdata-02.txt (which may not have
popped out of the I-D queue yet) says:

   Since bit 0 in window block 0 refers to the non-existing RR type 0,
   it MUST be set to 0.  After verification, the validator SHOULD ignore
   the value of bit 0 in window block 0.

The SHOULD here seems wrong to me; I think it ought to be MUST, for
the usual Robustness Principle reason.

Since the reason that I happened to notice this is that I was
integrating the NSEC++ text into draft-ietf-dnssec-records-06 at the
time, and since I hadn't seen any namedroppers discussion that looked
like direction from the WG on this point, I went with what made sense
to me and put MUST into the new -records text on this point.  Final
answer on this point is of course up to the WG, but I had to put
something into -records and it seemed silly to include text that the
WG had not yet discussed and that I was pretty sure was wrong.

So the point of this message is twofold:

a) to ask the WG to decide what the right answer is on this point;

b) to warn the WG that the current NSEC++ and DNSSECbis drafts
   disagree on this point, so that nobody will be surprised.

archive: <http://ops.ietf.org/lists/namedroppers/>
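
The receive-side behaviour under discussion, as an added example that is not part of the original message or of either draft: a decoder for the NSEC type bitmap field that ignores bit 0 of window block 0 whatever its value. The function name and the sample byte strings are constructed for illustration; the window block layout (window number, bitmap length 1..32, bitmap, most significant bit first) is assumed from the NSEC RDATA format.

```python
def parse_type_bitmap(data: bytes) -> set:
    """Decode an NSEC type bitmap field into the set of RR type codes.

    The signature is verified over the RDATA bytes as received, so the
    bytes are never modified here; bit 0 of window block 0 is dropped
    only from the decoded result.
    """
    types = set()
    pos = 0
    last_window = -1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window block header")
        window, length = data[pos], data[pos + 1]
        pos += 2
        if window <= last_window:
            raise ValueError("window blocks not in increasing order")
        if not 1 <= length <= 32:
            raise ValueError("bitmap length must be 1..32 octets")
        if pos + length > len(data):
            raise ValueError("truncated bitmap")
        for i, octet in enumerate(data[pos:pos + length]):
            for bit in range(8):
                # Bit 0 is the most significant bit of the first octet.
                if octet & (0x80 >> bit):
                    types.add(window * 256 + i * 8 + bit)
        pos += length
        last_window = window
    # RR type 0 does not exist: ignore its bit regardless of what was sent.
    types.discard(0)
    return types


# Constructed samples: A(1), MX(15), RRSIG(46), NSEC(47) in window block 0.
CLEAN = bytes.fromhex("0006400100000003")
# Same bitmap with bit 0 of window block 0 set by a non-conforming sender.
STRAY = bytes.fromhex("0006c00100000003")

if __name__ == "__main__":
    print(sorted(parse_type_bitmap(CLEAN)))
    print(sorted(parse_type_bitmap(STRAY)))
```

Both samples decode to the same type set, so a stray bit 0 cannot change what the validator concludes about which types exist at the owner name.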