It's fine, but two niggles: It appears that Shumon Huque <shu...@gmail.com> said: > specific benefit for online signing implementations. Hence, there > does not appear to be a strong advantage to implementing Compact > Denial of Existence with NSEC3. An existing implementation of
I'd say it more clearly Hence, there is no advantage to NSEC3 over NSEC when using Compact Denial of Existence. Someone is going to ask what about opt-out. I think the answer is that when doing online signing it's easier to sign everything than try and find the names whose hashes precede and follow the name you don't want to sign. R's, John _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
