Re: [DNSOP] Working Group Last Call on "Aggressive use of NSEC/NSEC3"

Warren Kumari <> Tue, 04 October 2016 16:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3AE351293D6 for <>; Tue, 4 Oct 2016 09:56:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QdRKOBWmF8a3 for <>; Tue, 4 Oct 2016 09:56:51 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 75C0C127735 for <>; Tue, 4 Oct 2016 09:56:51 -0700 (PDT)
Received: by with SMTP id j129so189012825qkd.1 for <>; Tue, 04 Oct 2016 09:56:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UOnE7uf47XTNcXStTaPSLWba03jDJjq23QkE+PWFCvo=; b=haq+Pn9urfCKTsn5UVkt1NjyfDzHISN4n3UW8SduvkuW2gDJGGPVYbu+9Zx1EIbDQL Y2LnV3pQNMOrNkziWcEiP8kqQiK4OjHe9yYy5/E4cdPTYXCQDb6HTw4TvblyJyuZjW+9 xP4Rjd4sHcgd2EEmfyQSTcHugHj9twCd6g1x6ODYL8QNVjz3KpkanLhOHZadGzuRtAiZ TUCk1T8xtgzS20Sfvr8qj50xaocSrvaG/noDPkbBSaBV+h0VR6QijBzbY1AoS6KsTTz1 Qz8tm8mIRSEL9ePBbCNToIkw/Q6GuZhTG36lGmpe4ov5U6PSAHRUi0an2sRMwaVzJtyI roiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UOnE7uf47XTNcXStTaPSLWba03jDJjq23QkE+PWFCvo=; b=TW3OV0yQbtWYuExeQY+YKuCkpcWyb5Kq2QCEjM1Bfy7lDh+9o2eWnG/+PPp6yLJCHa cP0E801HRnhuwTN2RaUb+61LA6ih+FHNTlZ91asGdVCXE9KabEOsDAJci+j4BIU9ygDm vlLxyqXHZr6xjp+VZ0zORHJC0Y8v5v4nK0x0xn+X8LYme7MFNsEbb35PsrzdwMT5Ld1E M/58SsZXFIe58cRDTDnsTgOWJYuUeb9dZ+PKtVlaYtddLcldmkXjNtZTTXHkaZcbq5Fg lIbEK0p9OK6ibHIBbgoSLORuFzQQ3vi+mh/EivHOh25VkWOj1PMsvAWgfvjR491zly+k +ROg==
X-Gm-Message-State: AA6/9RlqYTcPXV2SbLnnFo0GDDXEjT0OKIqcvHn/u34iKkHfQQJoaaxVEMTirrK0n3s/jDClMXCXMCTI7rEOJYSl
X-Received: by with SMTP id y128mr4527695qke.134.1475600210559; Tue, 04 Oct 2016 09:56:50 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 4 Oct 2016 09:56:20 -0700 (PDT)
In-Reply-To: <20160922150453.93721.qmail@ary.lan>
References: <> <20160922150453.93721.qmail@ary.lan>
From: Warren Kumari <>
Date: Tue, 4 Oct 2016 12:56:20 -0400
Message-ID: <>
To: John Levine <>
Content-Type: text/plain; charset=UTF-8
Archived-At: <>
Cc: Tim Wicinski <>, dnsop <>
Subject: Re: [DNSOP] Working Group Last Call on "Aggressive use of NSEC/NSEC3"
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 04 Oct 2016 16:56:53 -0000

On Thu, Sep 22, 2016 at 11:04 AM, John Levine <> wrote:
>>Please review the draft and offer relevant comments. Also, if someone
>>feels the document is *not* ready for publication, please speak out with
>>your reasons.
> I think it's ready to publish with one small caveat.  In section 5.1,
> the text in the box says "resolvers MAY use NSEC/NSEC3 resource
> records" and the text in the next paragraph says "the resolver SHOULD
> use NSEC/NSEC3/wildcard records".  There's a similar MAY in the box in
> section 7.
> The authors SHOULD make up their minds.  Assuming they really believe
> this is a good idea, change the MAY's to SHOULD.

Doh. Thanks.
This was simply sloppiness on my part.

(my editor shows pre-formatted / figure text on a yellow background,
and my eye's now assume that that is protocol layout, so I skip over
it :-)).
Fixed and pushed to repo in
- will publish new version with these integrated soon.


> R's,
> John
> _______________________________________________
> DNSOP mailing list

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.