> On 6 Mar 2023, at 4:20 am, Peter Thomassen <pe...@desec.io> wrote: > > Hi, > > I like this draft. Some thoughts: > > > 1.) Maybe it's worth pointing out that zones using compact denial SHOULD > (MUST?) use NSEC, not NSEC3. >
Could you please explain your thinking here? In the same way that the ‘compact' NSEC record specifies a minimal span of non-existence across the sorted namespace, then why can’t a compact NSEC3 record define a minimal span in the sorted space of hashed names? I must be missing something here. Geoff _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop