I think Olafur's point is a good one, but I'm unhappy with the prose.
Some suggested changes below.

On Sat, Feb 20, 2010 at 08:37:16AM -0500, Olafur Gudmundsson wrote:

> There are two mechanisms to provide authenticated proof of
> existence/non-existence in DNSSEC. A clear text one and an obfuscated
> one.

There are two mechanisms to provide authenticated proof of
non-existence in DNSSEC: a clear text one and an obfuscated-data one.
Each mechanism includes a list of all the RRTYPEs present at the
name.  Each mechanism includes only the name for which the zone is
authoritative (that is, glue in the zone is omitted).

The clear text mechanism is implemented using a sorted linked list of
names in the zone.  The obfuscated-data mechanism first hashes the
names using a one-way hash function, and then sorts the resulting
(hashed) strings.

> The clear text version has its one RRtype for negative answer, Clear  
> text one uses NSEC record and the obfuscated one used NSEC3.

I didn't know how to rephrase that, because if I understand it I think
what I understand is wrong (but that's obviously not the case, so
probably I don't understand it).

A

-- 
Andrew Sullivan
a...@shinkuro.com
Shinkuro, Inc.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
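
Added example, not part of the original message or of the draft under discussion: a Python sketch of the two chains described above, one sorted over clear-text owner names (NSEC) and one sorted over hashed names (NSEC3, hash construction per RFC 5155). The zone contents, the salt and iteration count, and all function names are assumptions made for illustration.

```python
import base64
import hashlib

# Constructed sample zone: authoritative owner names only (glue omitted).
ZONE = ["example.", "a.example.", "ns1.example.", "www.example."]
SALT, ITERATIONS = bytes.fromhex("aabbccdd"), 12  # sample NSEC3 parameters
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def labels(name):
    return [l.encode() for l in name.lower().rstrip(".").split(".")]

def canonical_key(name):
    """Canonical DNS name order: compare lowercase labels right to left."""
    return labels(name)[::-1]

def nsec3_hash(name, salt=SALT, iterations=ITERATIONS):
    """SHA-1 over wire-format name + salt, re-hashed `iterations` more times."""
    wire = b"".join(bytes([len(l)]) + l for l in labels(name)) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode().lower()

def chain(keys):
    """Link each sorted key to its successor; the last wraps to the first."""
    return [(keys[i], keys[(i + 1) % len(keys)]) for i in range(len(keys))]

def nsec_chain(zone):
    return chain(sorted(zone, key=canonical_key))

def nsec3_chain(zone):
    return chain(sorted(nsec3_hash(n) for n in zone))

def covering(links, key, order=lambda k: k):
    """Return the (owner, next) link whose gap holds `key`; None if it exists."""
    k = order(key)
    for owner, nxt in links:
        lo, hi = order(owner), order(nxt)
        if k == lo:
            return None  # name exists, so there is no gap to prove
        if lo < k < hi or (hi <= lo and (k > lo or k < hi)):
            return (owner, nxt)
    return None

if __name__ == "__main__":
    query = "mail.example."  # constructed name that is not in ZONE
    print("NSEC :", covering(nsec_chain(ZONE), query, canonical_key))
    print("NSEC3:", covering(nsec3_chain(ZONE), nsec3_hash(query)))
```

The NSEC proof names two real neighbours of the missing name, while the NSEC3 proof exposes only two hash values.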
