Joe Abley said: "Apologies to all concerned if I'm rudely pointing out the elephant in the living room. This is one of two separate specifications for DLV. The document at http://www.isc.org/pubs/tn/isc-tn-2006-1.txt describes an approach called "DNSSEC Lookaside Validation (DLV)" which uses the same DLV resource record specified in RFC 4431. This specification is implemented in BIND 9, as far as I know. I haven't compared draft-weiler-dnssec-dlv-01 with the ISC tech note closely, but since the text is different it seems likely that implementations based on one would likely differ from those based on the other, from different interpretations of the text if not from fundamental differences in approach." Thanks for pointing this out. As a matter of practical reality, a DNSSEC implementer will probably opt for compatibility with BIND 9 without compelling reasons to do otherwise. Therefore, I'd suggest that one of the following actions needs to occur before publication of draft-weiler would be advisable: a. Review by the BIND 9 maintainers to determine whether existing implementations are compatible with draft-weiler. b. If incompatibilities are found, then agreement by the BIND 9 maintainers that they will make the changes necessary to upgrade to draft-weiler. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf