DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
RFC 3845

Note: This ballot was opened for revision 06 and is now closed.

(Thomas Narten) Yes

(Harald Alvestrand) No Objection

Comment (2004-05-26)
Reviewed by Mark Allman, Gen-ART
Minor things ...

  + old boilerplate

  + look for "must" and think about whether it should be "MUST"

  + the citation to "RFC TCR" since it's an i-d

The document seems fine to me.

(Margaret Cullen) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Scott Hollenbeck) No Objection

Comment (2004-05-20)
The graphic in section 2.1 should note that the fields are of variable length as described in later text.  The length appears to be fixed at 32 units, but no units are specified and there's nothing to note that the fields can be shorter or longer unless one assumes that the "/" characters imply variability.

(Russ Housley) No Objection

(David Kessens) No Objection

(Allison Mankin) (was Yes) No Objection

Comment (2004-05-27)
There was a quite clear WG consensus determination on NXT's/NSEC's privacy issues years
ago with European regulations and the DNS design in mind then.  Perhaps the problem
was lack of community-wide Last Call at that time.  Hmm.

(Jon Peterson) No Objection

(Bert Wijnen) No Objection

Comment (2004-05-26)
Front page (top left) has: Updates: RFC 2535, RFC TCR (if approved)

- We normally want the "Updates xxx..." also in the abstract.

I wonder if the security considerations section should have some
text about the privacy-concerns that have apparently been discussed.

(Alex Zinin) No Objection

(Steven Bellovin) Abstain

Comment (2004-05-24)
I'm very concerned by reports that some European sites can't/won't deploy NSEC because they feel it conflicts with European privacy law.  I have sympathy for this position -- I wrote my own draft addressing the issue 2.5 years ago.  But we have an installed base that uses a similar technique (NXT records), which leaves us with the problem of running code that may not be deployable.