> On 6 Nov 2023, at 15:41, Dave Lawrence <t...@dd.org> wrote: > > Roy Arends via dnsdir writes: >> Why would you, as an implementor, guess? > > Because you've only said only "responses", and then also provided a > document that largely talked about DNSSEC as examples. Clarifying > that is not intended only for DNSSEC reporting would be great.
Sure, I’ll add that. > If you really mean "all responses" then say it explicitly. I think > that's overkill, but at least it is specified. I won’t, as that won’t leave any room for local policy override. > Protocols should be > clear, and just an unmodified "responses" leaves too much implicit > without any real guidance. > > It's noteworthy that you are now suggesting Clearly, I’m not. > it should be even inserted > in responses where there client didn't even use EDNS. 6891 permits > this, RFC6891 explicitly forbids this with a MUST NOT. > but as far as I can think of this is the first time we are > suggesting that authority servers do that, so it really deserves some > explicit attention. Roy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
