Matthijs Mekking <matth...@pletterpet.nl> writes: > Can we make use of the keyword MAY? This allows I think for text that > will not get out of date: > > Validating resolvers MAY return an insecure response when processing > NSEC3 records with iterations larger than 0. Validating resolvers MAY > also return SERVFAIL when processing NSEC3 records with iterations > larger than 0. This significantly decreases the requirements > originally specified in Section 10.3 of [RFC5155]. See the Security > Considerations for arguments on how to handle responses with non-zero > iteration count.
Thanks for the good text Matthijs. I've added it tot he bottom of the existing 3.2, which seems to be where consensus indicated it should go. -- Wes Hardaker USC/ISI _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
