On Oct 5, 2022, at 10:44 AM, John Dickinson <j...@sinodun.com> wrote: > > "What we today call "DNSSEC" is formally version 3 of the DNSSEC > specification." > > The only version number I know of in DNSSEC is the Protocol Field in a DNSKEY > RR. However this doesn't really version the whole of DNSSEC. > > So I think that either that sentence in the draft should be expanded to cover > what the previous 2 versions were or be removed altogether.
Thanks John, this is a very good point. At a minimum, the version number 3 is
not defined anywhere in RFC 4033/4034/4035, so I should drop the word
"formally". Given that, the rest of that paragraph is kinda wonky too.
However, earlier versions of DNSSEC were thinly deployed and significantly less
visible than the current DNSSEC specification. Throughout this document,
"DNSSEC"
means version 3 of the protocol initially defined in {{RFC4033}}, {{RFC4034}},
and {{RFC4035}}.
I propose to replace that paragraph with:
What we today call "DNSSEC" is the DNSSEC specification defined in {{RFC4033}},
{{RFC4034}}, and {{RFC4035}}.
However, earlier incarnations of DNSSEC were thinly deployed and significantly
less
visible than the current DNSSEC specification.
Does that work with folks here?
--Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
