In message <cakw6ri6jckm09uojcobe6c9jmsmjo4oihnctzsmewnxqxv4...@mail.gmail.com>, Dick Franks writes: > On 27 June 2017 at 18:10, Jan VÄelák <j...@fcelda.cz> wrote: > > >8 > > There is plenty other alternative ways to express DS DELETE request. > > But I would prefer accepting this simple erratum rather than > > researching all the other options (which we should have done when > > revising the drafts of this document). > > > > There is no point in moaning that things could/should have been done > better. > > What is needed now is methodical use-case analysis based on RFC8078 as it > exists now and tested against a real implementation. The time to rewrite > the RFC will come if/when we discover we are unable to live with it. We > have not reached that point yet.
I can't go from RFC8078 to a working implementation because the existing description is not clear enough to do it. I don't think anyone can do it. With the proposed errata fix I could write code. For CDS the RRset is a single RR with a rdata of 0x00 0x00 0x00 0x00 0x00. For CDNSKEY the RRset is a single RR with a rdata of 0x00 0x03 0x00 0x00 0x00. In both cases the RRset needs to be signed and validitation needs to return that the answer is secure before it can be acteded on. Mark > --Dick -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
