At 03:48 AM 28/10/2006, Bernard Aboba wrote:
Joe Abley said:
"Apologies to all concerned if I'm rudely pointing out the elephant in the
living room. This is one of two separate specifications for DLV. The
document at
http://www.isc.org/pubs/tn/isc-tn-2006-1.txt
describes an approach called "DNSSEC Lookaside Validation (DLV)" which
uses the same DLV resource record specified in RFC 4431. This
specification is implemented in BIND 9, as far as I know.
I haven't compared draft-weiler-dnssec-dlv-01 with the ISC tech note
closely, but since the text is different it seems likely that
implementations based on one would likely differ from those based on the
other, from different interpretations of the text if not from fundamental
differences in approach."
Thanks for pointing this out. As a matter of practical reality, a DNSSEC
implementer will probably opt for compatibility with BIND 9 without
compelling reasons to do otherwise. Therefore, I'd suggest that one of
the following actions needs to occur before publication of draft-weiler
would be advisable:
a. Review by the BIND 9 maintainers to determine whether existing
implementations are compatible with draft-weiler.
b. If incompatibilities are found, then agreement by the BIND 9
maintainers that they will make the changes necessary to upgrade to
draft-weiler.
or, more radically:
a. Review by the draft-weiler author(s) to determine whether existing
implementations are compatible with draft-weiler.
b. If incompatibilities are found, then the author of draft-weiler
to make the changes necessary in the draft to match the running code.
(or have we all entered a state of blissful collective amnesia about
that annoying
thing called "running code"?)
Geoff
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf