> On 6 Mar 2023, at 4:20 am, Peter Thomassen <pe...@desec.io> wrote:
> 
> Hi,
> 
> I like this draft. Some thoughts:
> 
> 
> 1.) Maybe it's worth pointing out that zones using compact denial SHOULD 
> (MUST?) use NSEC, not NSEC3.
> 

Could you please explain your thinking here? In the same way that the ‘compact' 
NSEC record specifies a minimal span of non-existence across the sorted 
namespace, then why can’t a compact NSEC3 record define a minimal span in the 
sorted space of hashed names? I must be missing something here.


Geoff
 
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to