DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
RFC 3845

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    dnsext mailing list <namedroppers@ops.ietf.org>, 
    dnsext chair <dnsext-chairs@tools.ietf.org>
Subject: Protocol Action: 'DNSSEC NSEC RDATA Format' to Proposed 
         Standard 

The IESG has approved the following document:

- 'DNSSEC NSEC RDATA Format'
   <draft-ietf-dnsext-nsec-rdata-07.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group. 

The IESG contact persons are Thomas Narten and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-nsec-rdata-07.txt

Technical Summary

The NSEC RR is based on the NXT RR as described in RFC 2535, and is
similar except for the name and typecode. The RDATA format for the NXT
RR has the limitation that the RDATA could only carry information
about the existence of the first 127 types. RFC 2535 did reserve a bit
to specify an extension mechanism, but the mechanism was never
actually defined.

In order to avoid the need to develop an extension mechanism into a
deployed base of DNSSEC aware servers and resolvers once the first 127
type codes are allocated, this document redefines the wire format of
the "Type Bit Map" field in the NSEC RDATA to cover the full RR type
space.  The new format of the type bitmap is easy to implement, can
cover the full range of type codes, is economical in the common case
and has a maximum encoding size of approximately 8.5 kilobytes.
Efficient searching of the type bitmap for presence of a type had a
lower priority.

Working Group Summary

The format was chosen from 6 different candidates that were presented
to the working group. There is consensus on the chosen representation.
 

Protocol Quality

There are 3 independent implementations of this format. One
implementation provides both a server and a client, 1 implementation
only a server and 1 implementation only a client. These interoperate.

This document has been reviewed for the IESG by Thomas Narten.
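
Added example (not part of the IESG announcement or of the draft's own text): a Python sketch of the window-block "Type Bit Map" encoding that the Technical Summary refers to, with a strict decoder that rejects truncated, out-of-order or non-canonical input. The function names and the sample type list are assumptions made for illustration; the worst-case helper reproduces the "approximately 8.5 kilobytes" figure as 256 * (2 + 32) = 8704 octets.

```python
# Added example: NSEC "Type Bit Map" codec. Function names are illustrative.
def encode_type_bitmap(rr_types):
    """Encode RR type codes (0..65535) as a sequence of window blocks."""
    windows = {}
    for t in rr_types:
        if not 0 <= t <= 0xFFFF:
            raise ValueError(f"RR type out of range: {t}")
        bitmap = windows.setdefault(t >> 8, bytearray(32))
        low = t & 0xFF
        bitmap[low >> 3] |= 0x80 >> (low & 7)  # bit 0 is the MSB of octet 0
    out = bytearray()
    for window in sorted(windows):  # blocks go in increasing window order
        bitmap = windows[window].rstrip(b"\x00")  # omit trailing zero octets
        out += bytes([window, len(bitmap)]) + bitmap
    return bytes(out)

def decode_type_bitmap(data):
    """Strictly parse a type bitmap; reject truncated or non-canonical input."""
    types, pos, last_window = [], 0, -1
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated window block header")
        window, length = data[pos], data[pos + 1]
        bitmap = data[pos + 2:pos + 2 + length]
        if window <= last_window:
            raise ValueError("window blocks out of order or repeated")
        if not 1 <= length <= 32 or len(bitmap) != length:
            raise ValueError("bad or truncated bitmap length")
        if bitmap[-1] == 0:
            raise ValueError("trailing zero octet in bitmap")
        for i, octet in enumerate(bitmap):
            types += [window << 8 | i << 3 | b for b in range(8) if octet & 0x80 >> b]
        pos, last_window = pos + 2 + length, window
    return types

# Constructed sample: A, MX, RRSIG, NSEC and TYPE1234 (beyond the old 127 limit).
SAMPLE_TYPES = [1, 15, 46, 47, 1234]

def worst_case_size():
    """One type in the last bit of each of the 256 windows: 256 * (2 + 32)."""
    return len(encode_type_bitmap(w << 8 | 0xFF for w in range(256)))

if __name__ == "__main__":
    wire = encode_type_bitmap(SAMPLE_TYPES)
    print(len(wire), wire.hex())
    print(decode_type_bitmap(wire))
    print(worst_case_size())
```

The sample set encodes to 37 octets in two window blocks, which shows the "economical in the common case" property next to the 8704-octet worst case.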