According to Viktor Dukhovni via gtld-tech <ietf-dane@dukhovni.org>:
On Tue, Sep 13, 2022 at 03:09:26AM +0000, Eduardo Alvarez wrote:
We are currently working on other functional aspects of the system, but we will take note of these suggestions for the team to consider implementing into CZDS in the future.
So it may be prudent for ICANN to look for ways to slim it down, and dropping the "derived" DNSSEC records (RRSIG and NSEC3 in this case) would considerably reduce the .COM zone footprint.
I agree that it would make sense to strip the RRSIG and NSEC/NSEC3 records out of the distributed zone files. Before the zone files are distributed, there is already an editing process to remove cruft in the AXFR zone files. (For a while they had comments telling us where the hidden masters were.) It should not be hard to adjust the de-crufter to remove RRSIG and NSEC and NSEC3 as well. R's, John