On Apr 16, 2014, at 8:02 AM, Warren Kumari <war...@kumari.net<mailto:war...@kumari.net>> wrote:
I think I made it even clearer: The first time a DNS operator signs a zone, they need to communicate the keying material to their parent through some out-of-band method to complete the chain of trust. Depending on the desires of the parent, the child might send their DNSKEY record, a DS record, or both. Good? Looks good to me. The whole document is looking very good. I've been reading the conversation and initially had some concerns but others already addressed the points (and so I felt no need to add to the queue of messages). Dan -- Dan York Senior Content Strategist, Internet Society y...@isoc.org<mailto:y...@isoc.org> +1-802-735-1624 Jabber: y...@jabber.isoc.org<mailto:y...@jabber.isoc.org> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop