--- Begin Message ---
As someone who was closely involved at the time, and as one of the editors of 
RFC5155, I can assure you that Verisign's decision to use NSEC3 was not in any 
way related to GDPR, privacy, or zone-walking.  Optionality was (and remains) a 
requirement for signing the .COM zone due to its size.  We could've signed with 
NSEC if the "opt-in" feature had become a part of the standard.  But NSEC 
opt-in was rejected and so we embraced NSEC3 with opt-out.

--
David Blacka                      <[email protected]>
Verisign Fellow                   Product Engineering

On 4/14/21, 7:10 PM, "dns-operations on behalf of Dave Lawrence" 
<[email protected] on behalf of [email protected]> wrote:

    To me, Andrew's retelling of the facts but for the emphasis.

    There's stated reasons, then there's the motivating reasons. GDPR was
    useful in making the argument, but Verisign and the pain of .com were
    the real motivation.
    _______________________________________________
    dns-operations mailing list
    [email protected]


--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
