Another reason for an rr count number in the rrtype.

Sent from my phone

> On Jul 28, 2018, at 08:47, Florian Weimer <f...@deneb.enyo.de> wrote:
>
> * John R. Levine:
>
>>>>> that the served zone is too large. Otherwise, the receiver has to
>>>>> download the entire zone before it can determine that the hash does
>>>>> not match. ...
>>
>>> On the other hand, clients will likely have a pretty good idea for the
>>> size of the zone, so they could transfer it twice: ...
>>
>> Now I'm really confused. To avoid downloading the whole zone you download
>> it twice?
>>
>> Could you explain in simple terms why you can't download the zone, check
>> the digest and signature, and either use it or discard it?
>
> A malicious server might never stop sending data, or claim that the
> transfer is ridiculously large. If the zone digest does not include
> information about the amount of data, this can only be detected after
> the server ended transmission, at which time the ZONEMD digest can be
> compared. But at this point, the client may already have filled its
> storage with garbage data, unless the double transfer trick is used.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
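
The failure mode discussed in this thread, as an added example that is not part of the original messages or of any ZONEMD draft: a receiver that knows an RR count in advance can abort an endless transfer mid-stream instead of only comparing the digest at the end. The function names, the SHA-384 choice, the local byte budget, and the simplified hashing of RRs in arrival order are all assumptions made for illustration.

```python
import hashlib

class TransferRejected(Exception):
    """Raised as soon as the incoming transfer violates a known bound."""

def receive_zone(records, expected_digest, declared_rr_count, max_bytes):
    # records: iterable of wire-format RRs (bytes), consumed lazily.
    # Simplification: RRs are hashed in arrival order, with no canonical sorting.
    digest = hashlib.sha384()  # assumption: the thread names no algorithm
    kept, size = [], 0
    for rr in records:
        size += len(rr)
        # Abort mid-stream instead of waiting for the server to finish.
        if len(kept) + 1 > declared_rr_count:
            raise TransferRejected("more RRs than the declared count")
        if size > max_bytes:
            raise TransferRejected("local byte budget exceeded")
        digest.update(rr)
        kept.append(rr)
    if len(kept) != declared_rr_count:
        raise TransferRejected("fewer RRs than the declared count")
    if digest.digest() != expected_digest:
        raise TransferRejected("digest mismatch")
    return kept

# Constructed sample data (not real zone contents).
ZONE = [
    b"example. SOA ns1.example. admin.example. 1",
    b"example. NS ns1.example.",
    b"ns1.example. A 192.0.2.1",
]
DIGEST = hashlib.sha384(b"".join(ZONE)).digest()

def endless_server(pulled):
    # Simulates the server that never stops sending; logs each RR handed out.
    while True:
        pulled.append(1)
        yield b"junk.example. TXT garbage"

if __name__ == "__main__":
    print(len(receive_zone(iter(ZONE), DIGEST, len(ZONE), 1024)), "RRs accepted")
    pulled = []
    try:
        receive_zone(endless_server(pulled), DIGEST, len(ZONE), 1024)
    except TransferRejected as err:
        print("rejected after", len(pulled), "RRs:", err)
```

Without the declared count, only the local byte budget stops the endless stream, and the digest comparison is never reached.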