[Last-Call] Re: [DNSOP] Dnsdir last call review of draft-ietf-dnsop-compact-denial-of-existence-05


 



It appears that Patrick Mevzek via Datatracker  <ietf-datatracker@xxxxxxxxxxxxxxxx> said:
>However, I do find in §3 this to be a little weak:
>" While it could support NSEC3 too, there is no benefit in introducing the
>additional complexity associated with it." Because Motivation in §1 clearly
>explains that this new scheme allows a smaller number of NSEC records... and
>mentions 3 of them are needed in NSEC3 case, so the benefit is (should be) even
>better here for NSEC3 than NSEC. So I would suggest either giving more details
>here on what would be additional complexity for NSEC3, or just removing the
>whole line and stating unambiguously that the document applies only to zones
>using NSEC.

I think the point here is that NSEC3 is intended to prevent zone walking, but
if you're doing this kind of signing, there's nothing to walk, so NSEC3 has
no benefit.  The text could be clearer.

R's,
John

-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx



