Thank you. I have attempted to reword this so that it is more readable. I'm making multiple sets of changes; they are being staged on github and will be published soon. https://github.com/wkumari/draft-ietf-dnsop-nsec-aggressiveuse
W On Tue, Sep 13, 2016 at 3:50 PM, Bob Harold <rharo...@umich.edu> wrote: > > On Tue, Sep 13, 2016 at 11:28 AM, <internet-dra...@ietf.org> wrote: >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Domain Name System Operations of the >> IETF. >> >> Title : Aggressive use of NSEC/NSEC3 >> Authors : Kazunori Fujiwara >> Akira Kato >> Warren Kumari >> Filename : draft-ietf-dnsop-nsec-aggressiveuse-02.txt >> Pages : 13 >> Date : 2016-09-13 >> >> Abstract: >> The DNS relies upon caching to scale; however, the cache lookup >> generally requires an exact match. This document specifies the use >> of NSEC/NSEC3 resource records to generate negative answers within a >> range. This increases performance / decreases latency, decreases >> resource utilization on both authoritative and recursive servers, and >> also increases privacy. It may also help increase resilience to >> certain DoS attacks in some circumstances. >> >> This document updates RFC4035 by allowing resolvers to generate >> negative answers based upon NSEC/NSEC3 records. >> >> [ Ed note: Text inside square brackets ([]) is additional background >> information, answers to frequently asked questions, general musings, >> etc. They will be removed before publication.This document is being >> collaborated on in Github at: https://github.com/wkumari/draft-ietf- >> dnsop-nsec-aggressiveuse. The most recent version of the document, >> open issues, etc should all be available here. The authors >> (gratefully) accept pull requests. >> >> Known / open issues [To be moved to Github issue tracker]: >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-ietf-dnsop-nsec-aggressiveuse/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-ietf-dnsop-nsec-aggressiveuse-02 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-nsec-aggressiveuse-02 >> >> > Looks good, but this one sentence in "5.4. Wildcard" does not read well to > me: > > "But, it will be more > effective when both are enabled since the resolver can determine the > name subject to wildcard would not otherwise exist more efficiently." > > Not sure how to reword it. > > -- > Bob Harold > > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
