Rewrite of the specification of DNSSEC03

[matsduf]

Purpose

This is a complete rewrite of the specification for DNSSEC03:

• Format based on template
• Updated to match new RFC
• Extended to check not only iteration value, but also the other parameters in the NSEC3 record.

Context

Resolves #1177, #1047, #1039 and #948. Resolves does not necessarily mean that this PR follow the issues, but when this PR has been completed those issues can be closed.

This PR introduces a new argument name, which means that Argument list must be updated (-> see #1190).

When this PR has been completed, the implementation must also be rewritten.

Test zones are available in #1218.

How to test this PR

Review the specification.

[tgreenx]

The specification reads well and I have not found any errors in the Test Procedure.

[matsduf]

@tgreenx, thanks for your review!

[matsduf]

@mustafa-alrifaee writes in #1177 (comment):

Regarding the new modification on the test case DNSSEC03, what is the expected behavior now if the NSEC3 Parameter Settings in the zone do not comply with RFC 9276? Will it trigger a warning? Does it make sense for the recommendation to be just a warning without failing the test?

Both non-zero iteration and non-empty salt will result in message tags (DS03_ILLEGAL_ITERATION_VALUE and DS03_ILLEGAL_SALT_LENGTH, respectively) have ERROR level as default values according to the proposal.

@mustafa-alrifaee, doesn't that meet your proposal?

[matsduf]

However, as discussed in the last F2F, before we merge we should also have the specification of test zones (here or in another PR) for this Test Case.

Test zones are now available in #1218.

[matsduf]

@tgreenx, please re-review this and #1218.

[matsduf]

@tgreenx and @marc-vanderwal, please re-review.

[marc-vanderwal]

Looks good to me!