On Mon, Jul 06, 2015 at 03:48:13PM -0400, Warren Kumari <war...@kumari.net> wrote a message of 68 lines which said:
> A number of people approached me at DNS-OARC and the RIPE DNS track
> in Amsterdam asking what became of this draft, and could we please
> update it.

It's not on the agenda on Monday, isn't it?

> Wes and I finally had some time to work on it in Buenos Aires, after
> the ICANN meeting (actually, Wes did the work, I just mumbled and
> brought him coffee...)

I've re-read the discussion in January about version -00 and
apparently the questions that come to my mind are not shared by anyone
so here they are:

* the draft gives the impression that it authorizes a new
  behaviour. But auth. servers have been sending extra data (IP address
  of a MX target, for instance) for years.

* the draft says these extra data MUST (RFC2119-MUST) be validated
  with DNSSEC. Does it mean that the current behaviour of sending extra
  data for unsigned zones is now illegal?

* [followup off the previous question] should we instead say that
  extra data should be sent (and should be accepted by clients) if and
  only if (DNSSEC-validated _or_ in-bailiwick)? The current behavior of
  resolvers (accept extra data if in-bailiwick) does not seem to be
  mentioned.

* the draft says "an authoritative name server operator can ensure
  that the recursive server that the client is using has all the
  answers in its cache". This is very dangerous because people may read
  it "we now have a sure way to control what ends in the resolver's
  cache" which is clearly not the case (the resolver may refuse some of
  the extra data, the TTL of the extra data may make it expire before
  the "main" data, etc).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
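The acceptance rule asked about in the message above (accept extra data if DNSSEC-validated or in-bailiwick) and its TTL caveat, sketched as an added example that is not part of the original message or of the draft. `Record`, `filter_extra` and all names and TTLs in the sample are constructed for illustration, and the `validated` flag is assumed to come from a DNSSEC validator elsewhere in the resolver.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    owner: str       # owner name of the record
    rtype: str
    ttl: int         # seconds
    validated: bool  # assumed set by a DNSSEC validator (not shown)

def labels(name):
    """Lower-cased labels of a domain name, top-level label first."""
    name = name.rstrip(".").lower()
    return name.split(".")[::-1] if name else []

def in_bailiwick(owner, zone):
    """True if owner is at or below zone, compared label by label.

    A plain string suffix test would wrongly treat
    mail.evilexample.com as being inside example.com.
    """
    o, z = labels(owner), labels(zone)
    return o[:len(z)] == z

def filter_extra(zone, main, extras):
    """Return (accepted, rejected, short_lived) for the extra records.

    accepted:    DNSSEC-validated or in-bailiwick for `zone`
    short_lived: accepted records that expire before the main answer,
                 so the cache will not hold "all the answers" for long
    """
    accepted = [r for r in extras
                if r.validated or in_bailiwick(r.owner, zone)]
    rejected = [r for r in extras if r not in accepted]
    short_lived = [r for r in accepted if r.ttl < main.ttl]
    return accepted, rejected, short_lived

# Constructed sample: an MX answer for example.com plus extra records.
MAIN = Record("example.com.", "MX", 3600, False)
EXTRAS = [
    Record("Mail.Example.COM.", "A", 300, False),       # in-bailiwick
    Record("mail.evilexample.com.", "A", 3600, False),  # suffix look-alike
    Record("mx.example.net.", "AAAA", 7200, True),      # validated
    Record("mx2.example.org.", "A", 3600, False),       # neither
]

if __name__ == "__main__":
    acc, rej, short = filter_extra("example.com", MAIN, EXTRAS)
    for tag, rrs in (("accept", acc), ("reject", rej), ("short", short)):
        print(tag, [r.owner for r in rrs])
```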