Op 17-03-2025 om 11:53 schreef Shumon Huque:
On Mon, Mar 17, 2025 at 5:47 PM Vladimír Čunát <vladimir.cunat+i...@nic.cz <mailto:vladimir.cunat%2bi...@nic.cz>> wrote:On 17/03/2025 11.28, Shumon Huque wrote:There is language in the draft that tries to address your concern. It allows for "parent centric" (yes, I know many folks don't like that term) to optionally not do it. We also suggest that the "extensive revalidation" (including glue validation), can be done selectively at only a higher layer of the stack (e.g. the root).I read both NS and glue revalidation as qualified by a SHOULD (in -09). That still leaves room to differ, but I wouldn't call that "optionally not do it".I couldn't remember exactly what text we put in. Looks like section 8.3 (Other Considerations) 2nd paragraph acknowledges the existence of parent centric implementations, but yes, that is not the same as saying optionally not doing it. I think this text was put in after consultation with Ralf Weber. Willem - is there other text on this point?
Yes, by request, we changed most of the noncommittal "will"'s in the draft with with MUSTs, MAYs and SHOULDs. This may still need some tuning.
We could turn "SHOULD do NS revalidation", into "SHOULD either do NS revalidation, or SHOULD practice one of the alternative (or supplementary) approaches: local root with ZONEMD [last paragraph of Section 8.1], limiting revalidation to delegations that cross administrative boundaries [first paragraph of Section 8.3], or using only data from referral responses for contacting authoritative name servers [second paragraph of Section 8.3])
-- Willem
Shumon _______________________________________________ DNSOP mailing list --dnsop@ietf.org To unsubscribe send an email todnsop-le...@ietf.org
OpenPGP_0xE5F8F8212F77A498_and_old_rev.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
