<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial" size="2">
<div>-----BEGIN PGP SIGNED MESSAGE-----</div>
<div>Hash: SHA256</div>
<div> </div>
<div>> It's possible to implement. While we're on the subject, we should also</div>
<div>> implement the HIP RR (signer support required), and possibly some/all</div>
<div>> other Experimental RRs. Do we want to keep the signer and auditor in</div>
<div>> step with regard to the RR types they support?</div>
<div> </div>
<div>It would be desired that they support the same types of RR. And it would be desired that we support the experimental RRs + HIP. The support of RR types does not conflict with OpenDNSSEC release other than that the libraries and OpenDNSSEC share the same
developers. So currently we can only implement support if we got an request and that we have time to do it.</div>
<div> </div>
<div>Alex, do you have time for APL?</div>
<div> </div>
<div>But after 1.0.0 we should try to sync dnsruby and ldns.</div>
<div> </div>
<div>> > And also that the Auditor should skip RR which it does not</div>
<div>> > understand. But what would happen with NSEC/NSEC3 with this RR in its</div>
<div>> bitmap?</div>
<div>> </div>
<div>> The auditor should be able to note the type (which it didn't understand</div>
<div>> the RR for) as occurring at the name, and then expect that type to</div>
<div>> appear in the NSEC(3) bitmap, without understanding the RR itself. Of</div>
<div>> course, it would not be able to verify the RRSIG for the RRSet of the</div>
<div>> unsupported type - it would simply skip that check.</div>
<div>> </div>
<div>> I could add this functionality if it was desired?</div>
<div> </div>
<div>I think it would be good, even if the dnsruby and ldns are in sync. It might be that the user has an old dnsruby installed. And a unknown RR type (not TYPExx) will now stop the auditing. But the code change is a little bit big, so perhaps do it after 1.0.0?</div>
<div> </div>
<div>-----BEGIN PGP SIGNATURE-----</div>
<div>Version: 9.8.3 (Build 4028)</div>
<div>Charset: utf-8</div>
<div> </div>
<div>wsBVAwUBSx5nQuCjgaNTdVjaAQhn2wgAqp72ka/+9JXnTdzywEF5PajoBAesczHy</div>
<div>Eu6U3/0ZGn/uf6ozMXB41mnkIQo3kvhjSjUBc8hrsJxDzNjSx16VEWG4xvjxqI9A</div>
<div>A1wiGFS17FO8PCG/QBkrNLuWjWgYPjf3HO4pSVMWU8nrgv6eKZ3hiZhSdIde6eAJ</div>
<div>iAZnA0pJ9ecJkonXemU3F6i7f3GSnXwEl3N47HwyHsKi6HDyf83nmvaymyVnScIs</div>
<div>plYNIuLgHJvgYv/P6n95xt24hBjZ7zwsqqbNFAyiLcsMVFShyQ6amQ60QwMLTKth</div>
<div>ZHEYWjQplMPNWhCJcmw6Xk521JYcAft0VMqtTdDobsLKotDvmO9fdw==</div>
<div>=0DQo</div>
<div>-----END PGP SIGNATURE-----</div>
<div> </div>
<div> </div>
</font>
</body>
</html>