We have updated this document with comments and feedback from Berlin. We have also gone through and done another editing pass, removing a significant amount of text which was intended to drive the discussion, but would not really be useful in a published RFC.
Please review it, we believe that the document is ready (or almost ready) for WGLC. W On Wed, Aug 3, 2016 at 12:17 PM, <internet-dra...@ietf.org> wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations of the IETF. > > Title : Aggressive use of NSEC/NSEC3 > Authors : Kazunori Fujiwara > Akira Kato > Warren Kumari > Filename : draft-ietf-dnsop-nsec-aggressiveuse-01.txt > Pages : 12 > Date : 2016-08-03 > > Abstract: > The DNS relies upon caching to scale; however, the cache lookup > generally requires an exact match. This document specifies the use > of NSEC/NSEC3 resource records to generate negative answers within a > range. This increases resilience to DoS attacks, increases > performance / decreases latency, decreases resource utilization on > both authoritative and recursive servers, and also increases privacy. > > This document updates RFC4035 by allowing resolvers to generate > negative answers based upon NSEC/NSEC3 records. > > [ Ed note: Text inside square brackets ([]) is additional background > information, answers to frequently asked questions, general musings, > etc. They will be removed before publication.This document is being > collaborated on in Github at: https://github.com/wkumari/draft-ietf- > dnsop-nsec-aggressiveuse. The most recent version of the document, > open issues, etc should all be available here. The authors > (gratefully) accept pull requests. > > Known / open issues [To be moved to Github issue tracker]: > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-01 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-01 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
