Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-maintain-ds

Thu, 07 Apr 2016 19:37:23 -0700 

> On Apr 7, 2016, at 11:40 AM, Jacques Latour <jacques.lat...@cira.ca> wrote:
> 
> Read it, like it, and 
> 
> >3.1 ... The parent retrieves the CDS and inserts the corresponding DS RRset 
> >as requested,
> 
> I think the parent can accept the CDS and insert the DS RRset as requested or 
> as per Parent policy.
> 
> Meaning the Parent could take the signed child DNSKEY and create DS RRset 
> based on parent policy and not being forced to accept the CDS algorithm &  
> Digest type.

Maybe,  the CDS record allows one to refer to a non published key i.e. one that 
is not in the DNSKEY RRset. 
Thus the CDS is “more” flexible than the DNSKEY as one can publish future KSK 
w/o placing one in the DNSKEY set (for size reasons) 

Olafur

> 
> 
> 
> > -----Original Message-----
> > From: DNSOP [mailto:dnsop-boun...@ietf.org <mailto:dnsop-boun...@ietf.org>] 
> > On Behalf Of Tim Wicinski
> > Sent: April-03-16 5:29 PM
> > To: dnsop
> > Subject: [DNSOP] Working Group Last Call for draft-ietf-dnsop-maintain-ds
> > 
> > This starts a Working Group Last Call  for draft-ietf-dnsop-maintain-ds
> > 
> > Current versions of the draft is available here:
> > 
> > https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/ 
> > <https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/>
> > 
> > Please review the draft and offer relevant comments. Also, if someone feels
> > the document is *not* ready for publication, please speak out with your
> > reasons.
> > 
> > Feel free to show up at DNSOP's Wednesday session and voice your approval
> > or disapproval.
> > 
> > This starts a two week Working Group Last Call process, and ends on
> >        17 April 2016
> > 
> > thanks
> > tim
> > 
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org <mailto:DNSOP@ietf.org>
> > https://www.ietf.org/mailman/listinfo/dnsop 
> > <https://www.ietf.org/mailman/listinfo/dnsop>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org <mailto:DNSOP@ietf.org>
> https://www.ietf.org/mailman/listinfo/dnsop 
> <https://www.ietf.org/mailman/listinfo/dnsop>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to