On 3/2/23 00:14, Joe Abley wrote:
We are not talking about lies. Referring to these kinds of negative responses as lies is confusing and unhelpful. They are signed responses, and the point of signing them is that they are verifiably true. I think "lies" refers to an assumption that a single NSEC makes a maximal assertion about what does not exist and that either side of that expanse of empty sand lies a soothing oasis of existence. However theprotocol doesn't require that to be the case. A single NSEC can cover a single grain of sand, and the mystery of the desert can remain substantially intact.
As always, the truth lies with you. ;-) (In other words, ack.) ~Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
