DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
RFC 3845
Note: This ballot was opened for revision 06 and is now closed.
(Thomas Narten; former steering group member) Yes
(Alex Zinin; former steering group member) No Objection
(Allison Mankin; former steering group member) (was Yes) No Objection
There was a quite clear WG consensus determination on NXT's/NSEC's privacy issues years ago with European regulations and the DNS design in mind then. Perhaps the problem was lack of community-wide Last Call at that time. Hmm.
(Bert Wijnen; former steering group member) No Objection
Front page (top left) has: Updates: RFC 2535, RFC TCR (if approved) - We normally want the "Updates xxx..." also in the abstract.
I wonder if the security considerations section should have some text about the privacy-concerns that have apparently been discussed.
(Bill Fenner; former steering group member) No Objection
(David Kessens; former steering group member) No Objection
(Harald Alvestrand; former steering group member) No Objection
Reviewed by Mark Allman, Gen-ART
Minor things ...
+ old boilerplate
+ look for "must" and think about whether it should be "MUST"
+ the citation to "RFC TCR" since it's an i-d
The document seems fine to me.
(Jon Peterson; former steering group member) No Objection
(Margaret Cullen; former steering group member) No Objection
(Russ Housley; former steering group member) No Objection
(Scott Hollenbeck; former steering group member) No Objection
The graphic in section 2.1 should note that the fields are of variable length as described in later text. The length appears to be fixed at 32 units, but no units are specified and there's nothing to note that the fields can be shorter or longer unless one assumes that the "/" characters imply variability.
(Ted Hardie; former steering group member) No Objection
(Steven Bellovin; former steering group member) Abstain
I'm very concerned by reports that some European sites can't/won't deploy NSEC because they feel it conflicts with European privacy law. I have sympathy for this position -- I wrote my own draft addressing the issue 2.5 years ago. But we have an installed base that uses a similar technique (NXT records), which leaves us with the problem of running code that may not be deployable.