IETF Logo Mail Archive

Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-nsec-ttl-04: (with COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Wed, 19 May 2021 09:30 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D0E23A2413; Wed, 19 May 2021 02:30:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.896
X-Spam-Level:
X-Spam-Status: No, score=-11.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=f4TaEah3; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Q5EiMl7F
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tgrmENbxzsy6; Wed, 19 May 2021 02:30:50 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 464F13A2412; Wed, 19 May 2021 02:30:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4768; q=dns/txt; s=iport; t=1621416650; x=1622626250; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=9cvyYuj3Q0IxqDzVwunPpXkxB1U3BDMoDzaWtxP32DA=; b=f4TaEah3EeqV/DvjRWnbhjNva8wfxeyPy7d53CmamZ0hcETDS2ouoKz6 6RNOGh/YIO6EQPxQ+lk4E0Lozivyhjt1eESQKl+wwct0C7CmYbPfjQR2X HvNiYJ60HB1FcC7c0bRZEqcSQ2/4Cvvj2gE9FiaNYr1i8aqB+AwUeBt1m Y=;
X-IPAS-Result: A0ADAAAo2qRgmIwNJK1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIFDBQEBAQELAYFSUX5aNjELhDyDSAOEWWCIdQOKPoUEiimBLoElA1QLAQEBDQEBMQ4CBAEBgVuCdAIXgV0CJTQJDgIEAQEBAQMCAwEBAQEFAQEFAQEBAgEGBBQBAQEBAQEBAWiFUA2GRAEBAQECASMRDAEBKQ4BCwQCAQgRBAEBAQICJgICAh8RFQgIAgQBDQUIgmkBglUDDiEBA5xtAoofeoEygQGCBwEBBgQEhSgNC4ITCYEQKgGCeoJxU0qCY4N3JxyBSUSBFUOCXz6CH4F8GRGDFTaCLYFpgUUEA0wEL0wdLBkNAlMPkR6Cd0OVGJBgOlsKgxaKA4d9hgKFYBGDWoFBiVSWUZU3iXWFN49AKAQdhFMCBAIEBQIOAQEGgVQ4gVtwFYMkCUcXAg5XjUgMDQkVgzmKXXMCNgIGCgEBAwl8hzABJgeBBwGBEAEB
IronPort-PHdr: A9a23:fz5VRBGuTbfSWHe4fSUctp1GfsIY04WdBeZdwoIglL9UfqK4uZ/lO R+X6fZsiQrPWoPWo7JBhvHNuq/tEWoH/d6asX8EfZANMn1NicgfkwE6RsLQD0r9Ia3yaDM3B shETxlu+HToeURQEdz1MlvVpHD65DUOGxL5YAxyIOm9GoPbg8mtke6o/JiGaARTjz37arR3f 32L
IronPort-HdrOrdr: A9a23:7LZOX6/XL7uhb8e2p6Juk+ENdb1zdoMgy1knxilNoENuE/Bwxv rBoB1E73DJYW4qKQ4dcdDpAtjmfZquz+8K3WB3B8biYOCGghrnEGgG1+vfKlLbalbDH4JmpM Jdmu1FeaHN5DtB/IbHCWuDYqwdKbC8mcjC74qzvhQdLz2CKZsQkjuRYTzrdHGeMTM2fabRY6 Dsn/avyQDQHUg/X4CePD0oTuLDr9rEmNbNehgdHSMq7wGIkHeB9KP6OwLw5GZcbxp/hZMZtU TVmQ3w4auu99uhzAXH6mPV55NK3PP819p4AtCWgMR9EESvtu/oXvUlZ1SxhkFznAid0idtrD AKmWZ4Ay1H0QKUQohym2q05+Cv6kd015ao8y7ovZKqm72IeNt9MbsauWqcGSGpt3bJe7pHof 92NiuixulqJAKFkyLn69fSURZ20kKyvHo5iOYWy2dSSI0EddZq3MEiFW5uYdw99RjBmcoa+S hVfbfhDf1tAB+nhrDizyFSKfmXLzsO9zu9Mzw/U/2uonFrdSpCvj4lLeQk7wA9HbwGOut529 g=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.82,312,1613433600"; d="scan'208";a="688679097"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 19 May 2021 09:30:49 +0000
Received: from mail.cisco.com (xbe-rcd-004.cisco.com [173.37.102.19]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id 14J9UnVV019077 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Wed, 19 May 2021 09:30:49 GMT
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xbe-rcd-004.cisco.com (173.37.102.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15; Wed, 19 May 2021 04:30:49 -0500
Received: from xfe-rcd-002.cisco.com (173.37.227.250) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Wed, 19 May 2021 04:30:48 -0500
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-002.cisco.com (173.37.227.250) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Wed, 19 May 2021 04:30:48 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=laneMQfL4C8t5dIwWsfYrX8rxuOX5i7CL0AUeO83CmOpAxrlh15yfhJgDazgea0DEJAH/NCuBNOuw56tWTE34srSt97rLTxYm+QQcqwpHMqoarRFBuwQ/7UkAAeUzj+f9qHlCP+c41j+yw0J6A7RoHhHif/lhRRbc4KW1M11VrFXJsd8KNSU6dn/Eco26EAbD0le25mpnrNb6QtFeb6OdCFuWeBr0EDTFus2DriS4CJ1LetYyQpPIG3fMeanVTAW0hFGXER2/Da6Fd9TJ5KPxM3nL0DGsmef2gLwmBA3RvnFwIQbMxPWtq2wXg71EZGdplwYGvFFuQaFgxYl/dbc4A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9cvyYuj3Q0IxqDzVwunPpXkxB1U3BDMoDzaWtxP32DA=; b=gp5X8k4mgjHsYdFG8tE835PQtrFABqzaS2/nOF7ncBGpEpGLQLF5KEnaMVb9VrBL5U2CXJ59Gc6K0UIESVflCLd4cu2/iiVpWxA53azycOeKtvmNzzN43uQEnrhpYeIiNjHCjtCBydtDnCCvLqgWBTZqYaFaORerY8Fmm/CBgW1i0iqPz+pqT7+/TJdUprdxbJZMBjgNtk6mbMvxZflMt0N1fHVesGMFvzu3gWeCbZy2TAMZH/entafELlBcNPwaoyd2Df/ALshUDNlVwTlj/pZtfHwVy7kJ7FX51SKSwnlAistwXceFAPa2/zyjyIlK2m5eF2ECUCYPIqG+nPZY+w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9cvyYuj3Q0IxqDzVwunPpXkxB1U3BDMoDzaWtxP32DA=; b=Q5EiMl7FAYyX0BTnfUjm81hFWG+XxN4zaVgL9gsCw67hvTxXZTMl61o5J4iz6+6qA267b8NR2j6Cd/eLWw2q8966OTgNzuLOzvGCSLWCf2lZPc57lKru35mxyAzSqF1Xpu4SD+kqh1HsTLiOGNTm4NHJS680Y9LUPW6PTdj8oVA=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (2603:10b6:208:190::17) by BL0PR11MB2899.namprd11.prod.outlook.com (2603:10b6:208:7b::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4129.28; Wed, 19 May 2021 09:30:47 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::217d:4810:6cea:ef72]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::217d:4810:6cea:ef72%6]) with mapi id 15.20.4129.033; Wed, 19 May 2021 09:30:47 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Peter van Dijk <peter.van.dijk@powerdns.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dnsop-nsec-ttl@ietf.org" <draft-ietf-dnsop-nsec-ttl@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>
Thread-Topic: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-nsec-ttl-04: (with COMMENT)
Thread-Index: AQHXS/cRHcNuyt51EkSv6QSY2edPT6rpfeIAgAENDRA=
Date: Wed, 19 May 2021 09:30:47 +0000
Message-ID: <MN2PR11MB43668B9866BF59723DD3D98FB52B9@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <162135024662.12090.17595940999634564709@ietfa.amsl.com> <f2e4bceead9660d8f0b64724e6303c3e6deb7237.camel@powerdns.com>
In-Reply-To: <f2e4bceead9660d8f0b64724e6303c3e6deb7237.camel@powerdns.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: powerdns.com; dkim=none (message not signed) header.d=none;powerdns.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [82.12.233.180]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ce66ea25-edee-4423-0761-08d91aa8c8dc
x-ms-traffictypediagnostic: BL0PR11MB2899:
x-microsoft-antispam-prvs: <BL0PR11MB2899E051E106DC431A13A92BB52B9@BL0PR11MB2899.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: H45hY0M1A3Hop2IItDyf7MGQC8wuqd8PZkGTuNHYvSXkaohjuEmMCE7VUFHfySPZW028fFEXx+XvD9jdUa603xpo0or/yYULCPSbrWrQBI+lSJv2W4VvxeyRbszEaD013QSgCm/7Fyjb4iTMLKThiV3U81CXFWYK1qyfr03GcKAP4P+J/TnoIKBjLIT6yTMWaDKqFnhubz5lQ9BIgjue/dSn0ZEheVEmmRHQzkEuTfe0Ug+Wej3wkMysIa9hbTIK6ayb8TN+Jq77bk/1Ul2yuduAN1Sjh2OcK28LdZCzzD9sjPTD3yVGe7dJxU7MnyC9YwlGUyuWiAv63TTTuU1Upe8sYGRK7fxAneO0kTbz2TSdyHSCUVbJfGFMx0YiLuwMzwJOQqju/LlG7xvoQPfQFSHX2gGTgtEXpjWV/k853oX09wz8JKtgQuENpX7m5yTFvVckW87EPqr7HfBnEFNMmgrM118oPSJ4bw8kGJP2xL4DbfbJX/Mk8n50fGsOhWU/dyA+C8Eg5WXr55vwIKXsu6hXOsvNrZPZLolxxwXrgIsIG4OuHWzt6qcyIq7p0vhB80o2jELszUSroNx8A6VEQjiaaqoI0TL0WLwrPcrAg+z5Y+METrKwFUmyGrlcUMCXPkRk95ZkHs2HwNfO6aQo9ri/ozO0I5e9ZVueofRqYumYSxRlemNzHZ1x9tfna4V6
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4366.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(376002)(366004)(396003)(39860400002)(346002)(966005)(7696005)(38100700002)(122000001)(86362001)(26005)(71200400001)(478600001)(110136005)(6506007)(53546011)(8676002)(186003)(9686003)(8936002)(66446008)(54906003)(316002)(2906002)(83380400001)(64756008)(66556008)(66946007)(55016002)(66476007)(76116006)(52536014)(5660300002)(4326008)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: ZaOoCzSHTVPozbIO0//UjOzBlkRHu+LHOA3YyulrIdCcOKZrz6MMunY4MYq8xeA0Wghykg1mMQWUr68aBPI0UEO8j0PKKEEBmXprcsicrsEoQo/aef0PuRp6IpgwZHGdi3/lgUFNKNo9bWTUP2ArAIJSNiN2fBAQ3taj2t/qGj8HwPvHCCeWWbxTXy7t0n3Ic5i5vvK18rfF5sUhPxuZgIcbIscwDWpfObHfFVPztpvOZo8h5eJemlK/NQ8Wof0bzuSWEuZiZEg7iRYgixBPOATladU5v36UIFi+CIK3BdxtzKzcA5Q3A5BI/C+ajVSBXlB0MJNo79NhPPeN9v2ohFtwRnNaPecyytxU+Gw27U+bYMcooX8fSmtJQ6iogtTi2kSO3etXv0H73E2VnYjxXlX+bPjsbw5Ut7dwVnIPYPfLOjTCUCWGH5Uy6gOeoWUcuCriU/Vy7KbeIlhM9PzmRXHUv4cYyZ2rwdsemt4cNuXQmpCQ8xfQFmtK4GN3Rw3XJprbu9L1WG8hBN7n8vw66K1lbdSxvGIntd92OY5KWJU4GLNbE22ppwpjJClP1gUUV20xgyK3C4ZwDvZHm1FqNSGLoaj+S6YBMTkZh+XgSnKe8Td21ZXWZyMPdO0LR1qJ4flQA+xaIkC7it+amHuG9hF1xDqVOKk2JbFE+IuVGT7QOAJmeSzTVRXyQE/BxrlXx274oTX/QVuPRVFNvh2faKpZwubcDc8ixW2I7KJJscga06QttIhS7qXOrDM0LpRt6yVOl4zqXIiI1O2FEZvtqk2NaFMdTelzGN/RoX9ESLfp8ssxv9Dz/qa91fuoBxcBp+Rj/v2j36x+7rpVRAHbN+jtuLIe6StUBvFNCdDKGzhvoPgPcI1SKRALU3x5BqKPcM9M3fwy0+7ZcnxvsZcMHztYrWWI0H6IPvDg0FncYNUswdLra3gr0097m2K2V+o9nSA6fTBnGYF+kjl+I1Q20aeTRnb8apsYJPZPysN0RXCpTZTZdk5+U4Z1gUAwxJOMKhAdlbSQKbMtH7jiPs1z9s2uz+dXmkHk8unuxuigdiSuu4vt38uY2mrc/jMRXwMQwQ2jDwj4isU5aX+3w/s1b8G74J180q3Kd4mlfmJEFEttw3L+esIB1zfYC0p0fwIujNwgSNzgme6KuUmV4jcM36iPCNq/OgL72ZbpsU0PnrV3+tqVudSAVaLmolM+ClNgASeFuJ/zWKVSu4lDUD7JtIQxxPV+cYGypFON3p0d/UFV5g0Qf14UFkogUPlYGBSK3g1OaXYqvb+MRqwWPXUlMOI6MFuDj2KsND9rlIIrrSr/f87LvRn1WUAIn23Zya6s
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB4366.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ce66ea25-edee-4423-0761-08d91aa8c8dc
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 May 2021 09:30:47.5387 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WRSkTzm++utbcMx+u2l3SpklD/h587HFleDYan8CuAtz/h7AxWEBtC6cuiBSpQljK721ow1t+aCOmzKK0Z/1eg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB2899
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.19, xbe-rcd-004.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SlNWWovXYj3Dv1G5mC55ghnjDXk>
Subject: Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-nsec-ttl-04: (with COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2021 09:30:55 -0000

Hi Peter,


> -----Original Message-----
> From: Peter van Dijk <peter.van.dijk@powerdns.com>
> Sent: 18 May 2021 18:26
> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-dnsop-nsec-ttl@ietf.org; dnsop-chairs@ietf.org;
> dnsop@ietf.org; tjw.ietf@gmail.com
> Subject: Re: [DNSOP] Robert Wilton's No Objection on draft-ietf-dnsop-
> nsec-ttl-04: (with COMMENT)
> 
> Hello Rob,
> 
> On Tue, 2021-05-18 at 08:04 -0700, Robert Wilton via Datatracker wrote:
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Hi,
> >
> > Thanks for this document.
> >
> > Regarding:
> >
> > 3.4.  Updates to RFC8198
> >
> >    [RFC8198] section 5.4 (Consideration on TTL) is completely replaced
> >    by the following text:
> >
> >    |  The TTL value of negative information is especially important,
> >    |  because newly added domain names cannot be used while the negative
> >    |  information is effective.
> >    |
> >    |  Section 5 of [RFC2308] suggests a maximum default negative cache
> >    |  TTL value of 3 hours (10800).  It is RECOMMENDED that validating
> >    |  resolvers limit the maximum effective TTL value of negative
> >    |  responses (NSEC/NSEC3 RRs) to this same value.
> >    |
> >    |  A resolver that supports aggressive use of NSEC and NSEC3 MAY
> >    |  limit the TTL of NSEC and NSEC3 records to the lesser of the
> >    |  SOA.MINIMUM field and the TTL of the SOA in a response, if
> >    |  present.  It MAY also use a previously cached SOA for a zone to
> >    |  find these values.
> >
> > I'm not a DNS expert, and this is just a non binding comment, but I was
> > wondering why it is only "MAY" limit the TTL on NSEC and NSEC3 records
> to the
> > lesser of the SOA.MINIMUM field and the TTL of the SOA in a response
> rather
> > than a "SHOULD".
> 
> Thank you for your comment.
> 
> The old text was this:
> 
> > A resolver that supports aggressive use of NSEC and NSEC3 SHOULD reduce
> the TTL of NSEC and NSEC3 records to match the SOA.MINIMUM field in the
> authority section of a negative response, if SOA.MINIMUM is smaller.
> 
> but this text did nothing (this is also noted in section 1 of the draft),
> as signers/authoritatives already took that TTL from the SOA.MINIMUM field
> - which this document corrects.
> 
> Furthermore, during WG discussion we realised that in many cases, a
> validator handling NSEC/NSEC3 records would not have access to the
> relevant SOA at all - for example, in wildcard responses. 'SHOULD' is
> quite strong language for something that often is not even possible.
[RW] 
I agree.

> 
> And, finally, the MAY you ask about is behaviour that is only useful in
> validators until signers/authoritatives become compliant with this draft.
> It is a secondary measure (that the WG explicitly requested so as to
> attempt to solve the problem in multiple places) that should become
> irrelevant as signers (most of which already have software fixes pending,
> merged, or released) get upgraded.
> 
> I hope this answers your question; please let me know if not.
[RW] 
I think so, or at least I'm happy to defer to the WG's judgement here.

Thanks for the explanation.

Regards,
Rob


> 
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/

v2.23.0 | Report a Bug | By Email