Re: [DNSOP] draft-fujiwara-dnsop-nsec-aggressiveuse-01.txt

Paul Vixie <paul@redbarn.org> Mon, 26 October 2015 06:39 UTC

From: Paul Vixie <paul@redbarn.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Date: Sun, 25 Oct 2015 23:39:25 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/piwnLLiSYd_yQwWv6ngW5K5aVwU>
Cc: dnsop <dnsop@ietf.org>

sanity check, someone?

i believe that in dnssec, an empty non-terminal has a proof that the name 
exists, and a proof that there are no RR's. thus, vastly different from the 
signaling for NXDOMAIN.

this ought to end, for all time, the debate about whether empty nonterminals 
exist or not. (there are some authority servers who return NXDOMAIN for them, 
and we need to know whether those servers are wrong, before we advance query 
minimization.)

vixie
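
The distinction drawn in the message above, as an added example that is not part of the original post: with a plain NSEC chain (not NSEC3), a covering NSEC record whose next name lies below the query name shows that the name is an empty non-terminal (NODATA), not NXDOMAIN. The zone contents, function names and verdict labels are constructed for illustration; signature validation and wildcard handling are assumed to happen elsewhere.

```python
# Added example: what one validated NSEC record proves about a query name.

def canonical_key(name):
    """RFC 4034 section 6.1 order: lowercase labels, compared right to left."""
    stripped = name.rstrip(".").lower()
    labels = stripped.split(".") if stripped else []
    return [label.encode("ascii") for label in reversed(labels)]

def is_subdomain(child, parent):
    """True when child lies strictly below parent."""
    c, p = canonical_key(child), canonical_key(parent)
    return len(c) > len(p) and c[:len(p)] == p

def classify(qname, nsec_owner, nsec_next, apex):
    """Return what the NSEC record (owner -> next) says about qname."""
    q, owner, nxt = map(canonical_key, (qname, nsec_owner, nsec_next))
    if q == owner:
        return "EXISTS"        # the type bitmap then decides NODATA per type
    wraps = nxt == canonical_key(apex)   # last NSEC points back to the apex
    covered = owner < q and (wraps or q < nxt)
    if not covered:
        return "NOT_COVERED"   # this record says nothing about qname
    if is_subdomain(nsec_next, qname):
        return "ENT_NODATA"    # a descendant exists, so qname exists but is empty
    return "NXDOMAIN"          # no such name (wildcard check not shown)

# Constructed zone: example., a.example., c.b.example., z.example.
# b.example. owns no records, so it is an empty non-terminal.
APEX = "example."
CHAIN = [("example.", "a.example."), ("a.example.", "c.b.example."),
         ("c.b.example.", "z.example."), ("z.example.", "example.")]

def prove(qname):
    """Scan the constructed chain for the record that settles qname."""
    for owner, nxt in CHAIN:
        verdict = classify(qname, owner, nxt, APEX)
        if verdict != "NOT_COVERED":
            return verdict
    return "NOT_COVERED"

if __name__ == "__main__":
    for name in ("b.example.", "aa.example.", "x.b.example.", "zz.example."):
        print(name, prove(name))
```

An authority server that answers NXDOMAIN for `b.example.` in this zone contradicts the second NSEC record, which is the mismatch the message asks about.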