Technical Summary
The NSEC RR is based on the NXT RR as described in RFC 2535, and is
similar except for the name and typecode. The RDATA format for the NXT
RR has the limitation in that the RDATA could only carry information
about the existence of the first 127 types. RFC 2535 did reserve a bit
to specify an extension mechanism, but the mechanism was never
actually defined.
In order to avoid the need to develop an extension mechanism into a
deployed base of DNSSEC aware servers and resolvers once the first 127
type codes are allocated, this document redefines the wire format of
the "Type Bit Map" field in the NSEC RDATA to cover the full RR type
space. The new format of the type bitmap is easy to implement, can
cover the full range of type codes, is economical in the common case
and has a maximum encoding size of approximately 8.5 kilobytes.
Efficient searching of the type bitmap for presence of a type had a
lower priority.
Working Group Summary
The format was chosen from 6 different candidates that were presented
to the working group. There is consensus on the chosen representation.
Protocol Quality
There are 3 independent implementations of this format. One
implementation provides both a server and a client, 1 implementation
only a server and 1 implementation only a client. These interoperate.
This document has been reviewed for the IESG by Thomas Narten.