On Jul 9, 2018, at 02:02, George Michaelson <g...@algebras.org> wrote:
> wow. Firstly, I thought canonicalization was a given: we have > definitions of canonical zone order for other reasons (NSEC*) don't > we? NSEC is concerned with the ordering of owner names. RRSIG is concerned with the ordering of individual RRs in an RRSet. Unsigned RRSets (e.g. glue, NS RRSets above a zone cut) are unordered. You could apply the same rules (RFC4034 section 6.3) to sort them into canonical order, but I think you could also not do that and still have a compliant implementation of DNSSEC. Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
