Minor issue with the new text for handling of type code zero in
NSEC++. draft-ietf-dnsext-nsec-rdata-02.txt (which may not have
popped out of the I-D queue yet) says:

   Since bit 0 in window block 0 refers to the non-existing RR type 0,
   it MUST be set to 0. After verification, the validator SHOULD ignore
   the value of bit 0 in window block 0.

The SHOULD here seems wrong to me, I think it ought to be MUST, for
the usual Robustness Principle reason.

Since the reason that I happened to notice this is that I was
integrating the NSEC++ text into draft-ietf-dnssec-records-06 at the
time, and since I hadn't seen any namedroppers discussion that looked
like direction from the WG on this point, I went with what made sense
to me and put MUST into the new -records text on this point. Final
answer on this point is of course up to the WG, but I had to put
something into -records and it seemed silly to include text that the
WG had not yet discussed and that I was pretty sure was wrong.

So the point of this message is twofold:

a) to ask the WG to decide what the right answer is on this point;

b) to warn the WG that the current NSEC++ and DNSSECbis drafts
   disagree on this point, so that nobody will be surprised.
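
The behaviour under discussion, as an added example that is not part of the original message or of either draft: a decoder for the NSEC type bit maps field that drops bit 0 of window block 0 after the RRSIG has been verified over the raw RDATA. The function name, the sample byte strings and the wire layout (window number, length octet of 1..32, bitmap octets with bit 0 as the most significant bit) are assumptions taken from the NSEC RDATA format, not from the text above.

```python
# Added illustration; names are hypothetical, not from any draft or library.

def decode_type_bitmaps(data: bytes) -> set:
    """Decode an NSEC type bit maps field into a set of RR type codes.

    Each block is: window number (1 octet), bitmap length (1 octet,
    1..32), then that many bitmap octets. Bit 0 of a window is the most
    significant bit of its first octet.
    """
    types = set()
    pos, last_window = 0, -1
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated window header")
        window, length = data[pos], data[pos + 1]
        pos += 2
        if window <= last_window:
            raise ValueError("window blocks not in increasing order")
        if not 1 <= length <= 32:
            raise ValueError("bitmap length out of range")
        bitmap = data[pos:pos + length]
        if len(bitmap) != length:
            raise ValueError("truncated bitmap")
        pos += length
        last_window = window
        for i, octet in enumerate(bitmap):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add(window * 256 + i * 8 + bit)
    # Bit 0 of window block 0 maps to the non-existent RR type 0. The
    # signature was already checked over the raw RDATA, so the bit is
    # ignored here: it neither fails the record nor reaches callers as
    # a type present at the owner name.
    types.discard(0)
    return types


# Constructed samples: window 0, six octets, bits for types 1, 2, 6, 15, 47.
CLEAN = bytes([0x00, 0x06, 0x62, 0x01, 0x00, 0x00, 0x00, 0x01])
# Same field, but the encoder wrongly set bit 0 of window block 0.
BIT0_SET = bytes([0x00, 0x06, 0xE2, 0x01, 0x00, 0x00, 0x00, 0x01])

if __name__ == "__main__":
    print(sorted(decode_type_bitmaps(CLEAN)))
    print(sorted(decode_type_bitmaps(BIT0_SET)))
```

Only bit 0 of window block 0 is special: bit 0 of window block 1 is type 256 and is decoded normally.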