DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>,
    RFC Editor <email@example.com>,
    dnsext mailing list <firstname.lastname@example.org>,
    dnsext chair <email@example.com>
Subject: Protocol Action: 'DNSSEC NSEC RDATA Format' to Proposed Standard

The IESG has approved the following document:

- 'DNSSEC NSEC RDATA Format'
  <draft-ietf-dnsext-nsec-rdata-07.txt> as a Proposed Standard

This document is the product of the DNS Extensions Working Group.

The IESG contact persons are Thomas Narten and Mark Townsley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-nsec-rdata-07.txt
Technical Summary

The NSEC RR is based on the NXT RR as described in RFC 2535, and is similar except for the name and typecode. The RDATA format for the NXT RR has the limitation in that the RDATA could only carry information about the existence of the first 127 types. RFC 2535 did reserve a bit to specify an extension mechanism, but the mechanism was never actually defined.

In order to avoid the need to develop an extension mechanism into a deployed base of DNSSEC aware servers and resolvers once the first 127 type codes are allocated, this document redefines the wire format of the "Type Bit Map" field in the NSEC RDATA to cover the full RR type space.

The new format of the type bitmap is easy to implement, can cover the full range of type codes, is economical in the common case and has a maximum encoding size of approximately 8.5 kilobytes. Efficient searching of the type bitmap for presence of a type had a lower priority.

Working Group Summary

The format was chosen from 6 different candidates that were presented to the working group. There is consensus on the chosen representation.

Protocol Quality

There are 3 independent implementations of this format. One implementation provides both a server and a client, 1 implementation only a server and 1 implementation only a client. These interoperate.

This document has been reviewed for the IESG by Thomas Narten.
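
An added example, not part of the IESG announcement or of any of the implementations it mentions: a Python encoder and strict decoder for the redefined type bitmap described in the Technical Summary. The window-block layout (window number, bitmap length 1..32, bitmap octets) is taken from the published specification (RFC 4034, section 4.1.2), not from this page; the function names are hypothetical, and rejecting trailing zero octets on input is a strictness choice of this sketch.

```python
# Added example. Layout per RFC 4034 section 4.1.2 (not stated on this page):
# repeated blocks of (window number, bitmap length 1..32, bitmap octets).
MAX_BITMAP_SIZE = 256 * (2 + 32)  # 256 windows, each 2 header + 32 bitmap octets

def encode_type_bitmap(rr_types):
    """Encode an iterable of RR type codes into the NSEC type bitmap field."""
    windows = {}
    for t in set(rr_types):
        if not 0 <= t <= 0xFFFF:
            raise ValueError(f"RR type out of range: {t}")
        bitmap = windows.setdefault(t >> 8, bytearray(32))
        low = t & 0xFF
        bitmap[low >> 3] |= 0x80 >> (low & 7)  # bit 0 is the most significant bit
    out = bytearray()
    for window in sorted(windows):  # empty windows are never emitted
        trimmed = bytes(windows[window]).rstrip(b"\x00")  # omit trailing zero octets
        out += bytes([window, len(trimmed)]) + trimmed
    return bytes(out)

def decode_type_bitmap(data):
    """Parse the field into a sorted list of types; reject malformed input."""
    if len(data) > MAX_BITMAP_SIZE:
        raise ValueError("type bitmap longer than the format allows")
    types, pos, last_window = [], 0, -1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window header")
        window, length = data[pos], data[pos + 1]
        if window <= last_window:
            raise ValueError("window blocks not in increasing order")
        if not 1 <= length <= 32:
            raise ValueError("bitmap length must be 1..32")
        bitmap = data[pos + 2 : pos + 2 + length]
        if len(bitmap) != length:
            raise ValueError("truncated bitmap")
        if bitmap[-1] == 0:
            raise ValueError("trailing zero octet in bitmap")
        for i, octet in enumerate(bitmap):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.append((window << 8) | (i << 3) | bit)
        pos += 2 + length
        last_window = window
    return types

if __name__ == "__main__":
    common = encode_type_bitmap([1, 2, 6, 15, 46, 47])  # A NS SOA MX RRSIG NSEC
    print(len(common), common.hex())
    print(len(encode_type_bitmap(range(65536))))  # worst case: every type present
```

The worst case, with every type in all 256 windows present, is the source of the "approximately 8.5 kilobytes" figure; a typical record set confined to window 0 encodes in a handful of octets.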