I agree with Matthijs. Looking at 6781 that makes the most sense. tim
On Tue, Oct 25, 2016 at 8:17 AM, Matthijs Mekking <matth...@pletterpet.nl> wrote: > > > On 25-10-16 15:15, Marcos Sanz wrote: > >> Matthijs, >> >> my attention has been brought to the KSK rollover double-signature >>>> >>> style >> >>> described in 6781 and what I think is a mistake/oblivion there. >>>> >>> Section >> >>> 4.1.2 states >>>> >>> >> [...] >> >> You are right: DS_K_2 may only be provided to the parent *after* the TTL >>> >> >> of DNSKEY_K_1 has passed. RFC 7583 has more accurate timings for >>> rollovers. The corresponding timeline is described in section 3.3.1. >>> >> >> thanks for the pointer. RFC 7583 does it right. >> >> That begs for the question: how to deal with the wrong information >> propagated in 6781? Submit errata? Label it "Updated by 7583"? >> > > I think an errata is appropriate. > > Best regards, > Matthijs > > > > >> Best, >> Marcos >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> >> > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop