On 2011-06-20, at 01:00, Matthijs Mekking wrote:

> I think you mean sections 4.6.4, 4.6.5 and 4.6.6. Those sections
> (especially the first two) cover ZSK specific rollover and KSK specific
> roll-over schemes and are relevant in case a zone is subject to a
> KSK/ZSK Split Signing Scheme.
>
> However, if a zone is subject to a Single Type Signing Scheme, different
> roll-over schemes are relevant.
>
> The main component of 4.6 already says:
>
>    This component covers all aspects of zone signing, including the
>    cryptographic specification surrounding the Key Signing Key and Zone
>    Signing Key, *signing scheme* and methodology for key roll-over and
>    the actual zone signing.
>
> I think 4.6.4 and 4.6.5 cover methodology for key roll-over. I miss a
> section that says "Signing Scheme: This subcomponent describes which
> signing scheme is in use."


I think we may have different conceptions of what a "signing scheme" is (which may call for clarification of that in the definitions section). For me, signing scheme is the signature life-time and re-signing frequency, paired with the key roll-over schedule.

What exactly is it you are missing? What would a drafter put in the "signing scheme" section which does not fit into any of the other subsections?

--
Fredrik

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop