3.  Zone Enumeration

4.  Zone Enumeration II

5.  Zone Enumeration III

6.  Exposure of Contents

7.  Zone Size

8.  Single Method

9.  Empty Non-terminals

10.  Prevention of Precomputed Dictionary Attacks

11.  DNSSEC-Adoption and Zone-Growth Relationship

12.  Non-overlap of denial records with possible zone records

13.  Exposure of Private Keys

14.  Minimisation of Zone Signing Cost

15.  Minimisation of Asymmetry (a)

16.  Minimisation of Client Complexity (a)

17.  Completeness

18.  Purity of Namespace

19.  Replay Attacks

20.  Compatibility with NSEC

21.  Compatibility with NSEC II

22.  Compatibility with NSEC III (a)

24.  Coexistence with NSEC

25.  Coexistence with NSEC II

27.  Protocol Design

3.  Zone Enumeration

(b)

A proposal exists that reconciles these two, or it is obvious they can be, or they are unrelated

4.  Zone Enumeration II

(b)

No proposal exists to reconcile these two, nor is it obvious they can be

5.  Zone Enumeration III

(b)

These two cannot be reconciled

6.  Exposure of Contents

(b)

The left requirement implies the right one

7.  Zone Size

8.  Single Method

9.  Empty Non-terminals

10.  Prevention of Precomputed Dictionary Attacks

(b)

(a) Since this is expressed as a minimisation, it is always possible to satisfy

11.  DNSSEC-Adoption and Zone-Growth Relationship

(b) Although this is technically a problem, the probabilities involved are astronomically low

12.  Non-overlap of denial records with possible zone records

13.  Exposure of Private Keys

14.  Minimisation of Zone Signing Cost

15.  Minimisation of Asymmetry (a)

16.  Minimisation of Client Complexity (a)

17.  Completeness

18.  Purity of Namespace

19.  Replay Attacks

20.  Compatibility with NSEC

21.  Compatibility with NSEC II

22.  Compatibility with NSEC III (a)

24.  Coexistence with NSEC

25.  Coexistence with NSEC II

27.  Protocol Design