Hi Olafur, two things I see:

1) the CDNSKEY: since CDS and CDNSKEY are used interchangeably in the document, "inserts the corresponding DS RRset as requested" does not work for the CDNSKEY; the parental agent must compute a DS and pick an algorithm & digest type based on the Parental Agent policy.

2) if the parental agent does not 'like' the requested CDS parameters, then the parental agent can create a DS as per Parental Agent policy, with algorithm & digest type of its choosing.

This supports parental agents that publish the DS as requested by the child, and supports parental agents that want to publish DS conforming to their policies.

Jack

________________________________
From: Olafur Gudmundsson [o...@ogud.com]
Sent: Thursday, April 07, 2016 10:36 PM
To: Jacques Latour
Cc: Tim Wicinski; dnsop; Olafur Gudmundsson
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-maintain-ds

On Apr 7, 2016, at 11:40 AM, Jacques Latour <jacques.lat...@cira.ca> wrote:

Read it, like it, and

> 3.1 ... The parent retrieves the CDS and inserts the corresponding DS RRset as
> requested,

I think the parent can accept the CDS and insert the DS RRset as requested or as per Parent policy. Meaning the Parent could take the signed child DNSKEY and create DS RRset based on parent policy and not being forced to accept the CDS algorithm & Digest type.

Maybe, the CDS record allows one to refer to a non-published key, i.e. one that is not in the DNSKEY RRset.
Thus the CDS is “more” flexible than the DNSKEY as one can publish future KSK w/o placing one in the DNSKEY set (for size reasons)

Olafur

> -----Original Message-----
> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Tim Wicinski
> Sent: April-03-16 5:29 PM
> To: dnsop
> Subject: [DNSOP] Working Group Last Call for draft-ietf-dnsop-maintain-ds
>
> This starts a Working Group Last Call for draft-ietf-dnsop-maintain-ds
>
> Current versions of the draft is available here:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-maintain-ds/
>
> Please review the draft and offer relevant comments. Also, if someone feels
> the document is *not* ready for publication, please speak out with your
> reasons.
>
> Feel free to show up at DNSOP's Wednesday session and voice your approval
> or disapproval.
>
> This starts a two week Working Group Last Call process, and ends on
> 17 April 2016
>
> thanks
> tim
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
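Added example, not part of the thread or of the draft: a sketch of the step discussed above, where a parental agent derives a DS from a child's CDNSKEY (digest over owner name plus DNSKEY RDATA, key tag per RFC 4034) and picks the digest type by its own policy. The `choose_digest_type` policy function, its allowed set, and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import struct

# DS digest type numbers (IANA registry) mapped to hashlib constructors.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case, uncompressed) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B, algorithms other than 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_cdnskey(owner, flags, protocol, algorithm, pubkey_b64, digest_type):
    """Return (key_tag, algorithm, digest_type, hex_digest) for one CDNSKEY."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    # DS digest input is the owner name in wire form followed by the DNSKEY RDATA.
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def choose_digest_type(requested, allowed=(2, 4), default=2):
    """Hypothetical parent policy: honour the child's CDS digest type only if allowed."""
    return requested if requested in allowed else default

# Constructed sample input (not a real key): 64 filler bytes standing in for
# an algorithm-13 public key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    # Child's CDS asked for digest type 1 (SHA-1); this policy substitutes type 2.
    dt = choose_digest_type(requested=1)
    print("example.com. IN DS %d %d %d %s"
          % ds_from_cdnskey("example.com.", 257, 3, 13, SAMPLE_KEY, dt))
```
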