DNSEXT 1
Roughly half of the work is done on DNSSEC specs
Semantics of the AD bit.
- There is a need for more information than what can be put in one bit
- Trust the bit only if the path between the resolver and the entity that sets the bit is secured.
OPT-IN proposal
- OPT-IN has made some problems more specific
- Wildcards and the denial of existence thereof
- Cache behavior; NXT is a property of QNAME/QCLASS/QTYPE
- OPT-IN and AD bit do not mingle well
- OPT-IN is still under discussion and no final consensus has been reached.
- OPT-IN and DS are both incompatible with RFC2535.
- DS is in its final stages. The decision on whether OPT-IN will go into the doc-set will be made mid-September.