On 5/11/2009, at 10:45 AM, Matthew Dempsky wrote:
I'd appreciate if someone could clarify what the "large responses" that will preexist "actual DNSSEC usable data" that Bill Manning is referring to are. It's unclear to me whether it's still technically DNSSEC data and hence would require a client to send DO=1, or if it will be something like large additional section TXT records or just trailing bytes.
As far as I am aware, yes it is real DNSSEC data so yes it will require DO=1 but the keys will be dummy keys (i.e. secret) that cannot be configured as trust anchors and so the signatures will be ignored. At the end of that phase, real keys will be used and published.
See http://sel.icann.org/meetings/seoul2009/presentation-dnssec-workshop-lamb-28oct09-en.pdf for more details Jay -- Jay Daley Chief Executive .nz Registry Services desk: +64 4 931 6977 mobile: +64 21 678840 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop