Hi Paul and
the RSN Work Party,
I'm sorry that I did not follow the drafting process very closely untill recently. After reviewing the latest version, I think it is well composed and balanced. And I do leave some comments and minor edits in the Google doc. I would like to put some points donw in this mail for discussion. I hope it will be helpful.
* Regarding the fragmentation, the concern can be relieved by optionally excluding partially or all glues in the additional section at the cost of increasing the round-trip delay. IMHO, the round-trip delay or additional queries for priming or DNSSEC priming is not a big issue because priming query is quite rare and only emitted when resolver bootstraps itself.
* In section 5.5 "Names Delegated to Each Operator", the additional section of the priming response may not return all A and AAAA glue. It depends on the DNS implementations. AFAIK, Bind9 only returns the A and AAAA glue of responding root server. It is in that If the zones hosted by root server A is not authoritative for the
name of root server B, the additional section of priming response from A will
not include the glue of B. It is exactly the case in Yeti DNS Project where
normal domain name is used as the name of root server. I think it is also true
for "a.root-servers" and the case of
short label "a".
* In addition, #5.5 makes it possible to incrementally deploy DNSSEC support for individual root names. The DNSSEC deployment overhead is durable I think if you intend to ask for multiple participants to run the root system. In contrary, it introduces diversity to the system.
* If possbile, i would like to make a recommandation on : Study the impact of additional queries after priming exchange. It is possible that by adding addtional queries, it will make it easier to balance the priming performance and response size limitation.
Again, thanks Paul and other contributors of this document. It's an excellent piece of work.
Cheers,
Davey