Dear DNSOP, We have recently updated "Believing NSEC records in the DNS root" ( https://tools.ietf.org/html/draft-wkumari-dnsop-cheese-shop-01).
This incorporates some comments, but also does a better job of explaining the technique, what the benefits are, and why we are only handling the special case of the root zone. We believe that, in this limited use-case the suggestions in Section 4.5 of RFC4035 are not as relevant. We also believe that the NSEC case (and no wildcards :-)) is simpler to solve than the NSEC3 case. For these reasons we think that it is worth pursuing this in parallel with Fujiwara-san's "Aggressive use of NSEC/NSEC3" document. cheese-shop does not conflict with "Aggressive use...", rather it complements it, and can demonstrate the technique (in this restricted use case). We welcome any feedback, including tomatoes, howls of derisive laughter, etc. W
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
