On Dec 13, 2017, at 4:46 PM, Joe Abley <jab...@hopcount.ca> wrote: > The document actually specifies quite clearly that the delegation "MUST NOT > include a DS record" which seems to be different from what you are saying. It > also specifies that the delegation "MUST point to one or more black hole > servers", which is pretty vague language following a MUST.
I second-guessed myself on the double negative in the previous message. What I meant, and what I believe the document clearly says, is that there must be a delegation, and it must not be signed. The point of this is to avoid either a secure denial of existence (the status quo) or a secure delegation. Either of these would completely prevent home.arpa from working for a validating stub. > I appreciate that the intention of homenet may well have been clear, but the > text in section 7 is definitely not clear. I think actually it would have > been reasonable for IANA to send it back as ambiguous before it got to the > RFC Editor queue. Can you point to the actual ambiguity? The reason we said "one or more black hole servers" was to leave it up to the operator of .arpa to decide which black hole servers and how many of them. That was a deliberate choice, not an omission.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
