There are three things that made it hard to deploy new features.

1) Firewall vendors shipping firewalls with ridiculously strict rules with zero evidence that they are needed.
2) Misimplementation of STD 13 and RFC 2671 by nameserver vendors.
3) Unknown EDNS option behaviour was not well defined by RFC 2671; this is addressed in RFC 6891.

1 and 2 made it impossible to do a clean update from RFC 2671 to RFC 6891, which tightened the unknown EDNS option behaviour. Proper implementation of RFC 2671 would have allowed the EDNS version 1 to be used to signal that RFC 6891 unknown option behaviour is required.

I don't see how adding a capabilities option will help here when the primary problem is bad code.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
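The two behaviours the message above turns on (BADVERS for an unimplemented EDNS version, and unknown options being ignored rather than echoed) can be checked from the wire format. This is an added example, not code from the email or from ISC; the function names are hypothetical, the responder is assumed to implement only EDNS version 0, and option code 65001 is a constructed value from the local/experimental range that the responder is assumed not to implement.

```python
import struct

OPT, BADVERS = 41, 16      # OPT RR type; extended RCODE for a version mismatch
UNKNOWN_CODE = 65001       # constructed sample code (local/experimental range)

def build_message(qname, version=0, options=(), flags=0, ext_rcode=0, opt=True):
    """Build a query (flags=0) or a constructed sample response with one OPT RR."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, int(opt))
    msg += name + struct.pack("!HH", 1, 1)              # QTYPE=A, QCLASS=IN
    if opt:
        rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
        ttl = (ext_rcode << 24) | (version << 16)       # ext-rcode | version | flags
        msg += b"\x00" + struct.pack("!HHIH", OPT, 4096, ttl, len(rdata)) + rdata
    return msg

def _skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_edns(msg):
    """Return (full_rcode, edns_version or None, [option codes]) for a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg)
    off, rcode, version, codes = 12, flags & 0xF, None, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if rtype == OPT:
            rcode |= (ttl >> 24) << 4                   # upper 8 bits of the RCODE
            version = (ttl >> 16) & 0xFF
            while off < end:
                code, olen = struct.unpack_from("!HH", msg, off)
                codes.append(code)
                off += 4 + olen
        off = end
    return rcode, version, codes

def check_response(query, response, implemented=0):
    """Classify a response; `implemented` is the responder's highest EDNS version."""
    _, q_version, q_codes = parse_edns(query)
    rcode, version, codes = parse_edns(response)
    if version is None:
        return "no-opt"                                 # EDNS stripped or unsupported
    if q_version > implemented:
        return "ok" if rcode == BADVERS and version == implemented else "badvers-missing"
    echoed = UNKNOWN_CODE in q_codes and UNKNOWN_CODE in codes
    return "unknown-option-echoed" if echoed else "ok"
```

`check_response` takes raw message bytes, so the same function can classify captured query/response pairs; the sample responses here are built with `build_message` and `flags=0x8000` (QR set).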