RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 4035, "Protocol Modifications for the DNS Security Extensions", March 2005

Note: This RFC has been updated by RFC 4470, RFC 6014, RFC 6840, RFC 8198, RFC 9077, RFC 9520

Source of RFC: dnsext (int)

Errata ID: 7972
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Nate Choe
Date Reported: 2024-06-06
Rejected by: Eric Vyncke
Date Rejected: 2024-06-07

Section 4.2 says:

   Security-aware resolvers MAY query for missing security RRs in an
   attempt to perform validation; implementations that choose to do so
   must be aware that the answers received may not be sufficient to
   validate the original response.  For example, a zone update may have
   changed (or deleted) the desired information between the original and
   follow-up queries.

It should say:

   Security-aware resolvers MAY query for missing security RRs in an
   attempt to perform validation; implementations that choose to do so
   MUST be aware that the answers received may not be sufficient to
   validate the original response.  For example, a zone update may have
   changed (or deleted) the desired information between the original and
   follow-up queries.

Notes:

"MUST" is a key word according to RFC 2119/BCP 14 and should be capitalized.
--VERIFIER NOTES--
As it appears to the original authors, remaining members of dnsext mailing list, and myself as INT AD, the "must" here is not normative and should be kept in lowercase.

See also:
https://mailarchive.ietf.org/arch/msg/dnsext/1PZ58ajXFj_RodKgHzus6d6UB-U/

Report New Errata



Advanced Search