At 20:31 +0000 1/22/10, Alex Bligh wrote:
contents) in example.org. So, whilst opt-out should be avoided across intervals containing secure delegations, I see no reason to avoid it across intervals that don't contain secure delegations.
Opt-out is restricted to "intervals" that contain only unsecured delegations. RFC 5155: 6. Opt-Out ... (first paragraph's last sentence): name of the delegation. Setting the Opt-Out flag modifies this by allowing insecure delegations to exist within the signed zone without a corresponding NSEC3 RR at the hashed owner name of the delegation. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
