(Sorry for the belated feedback.)
I was just reading the document to work on some early implementation during the
Hackathon and noticed a small inconsistency:
Section 2 defines the wire-format and states for the OPTION-LENGTH it „[…]
should be 4 plus the length of the EXTRA-TEXT section (which m
> On Oct 3, 2019, at 7:11 AM, Tony Finch wrote:
>
>>> [ I'm still not convinced "indeterminate" is a coherent validation state...
>>> ]
>>
>> It happens when glue NS records are available, but DS RRsets are not.
>
> That is "insecure".
No, by "available" I meant lookup succeeded (returning va
Wes Hardaker wrote:
>
> It's this one:
>
> 3.15. Extended DNS Error Code 14 - Not Ready
D'oh!
> One, the latest version talks about servers MAY put in more than one
> EDE.
Oh wow, that will be fun...
Tony.
--
f.anthony.n.finch http://dotat.at/
Biscay, Southeast Fitzroy: Southwesterly 5
Viktor Dukhovni wrote:
> > On Oct 2, 2019, at 8:01 AM, Tony Finch wrote:
> >
> > Is this not also covered by EDE 9 (DNSKEY missing) and EDE 10 (RRSIG
> > missing)?
>
> No it is not. The indeterminate state happens when DS RRset lookups
> servfail, for the zone or one of its ancestors, this could
Tony Finch writes:
> I have had another read through.
Thanks for the extra pass.
(we still have IETF-wide last call to wade through too, FYI)
> In the intro, one of the example uses for EDE is a server returning errors
> because it has not finished starting up, but there is no EDE code for th
> On Oct 2, 2019, at 8:01 AM, Tony Finch wrote:
>
> Re. EDE 5 indeterminate, RFC 4035 says:
>
> Indeterminate: An RRset for which the resolver is not able to
> determine whether the RRset should be signed, as the resolver is
> not able to obtain the necessary DNSSEC RRs. This can
I have had another read through.
In the intro, one of the example uses for EDE is a server returning errors
because it has not finished starting up, but there is no EDE code for this
case.
Re. EDE 0 "other", is it supposed to cover the situation when there are
multiple errors, e.g. different au
internet-dra...@ietf.org writes:
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories. This draft is a work item of the Domain Name System
> Operations WG of the IETF.
This version addresses, I believe, all comments from the WG LC.
--
Wes Hardaker
USC/ISI
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations WG of the IETF.
Title : Extended DNS Errors
Authors : Warren Kumari
Evan Hunt