On Tue, Jan 21, 2020 at 11:31 AM Frederico A C Neves <fne...@registro.br> wrote:
> Hi Shumon, > [...] > Actually the algorithm rollover, following the liberal approach, is a > pure double signing process. With TTLs tuned it is during a short > interval but still double signing the zone. > > ftp://ftp.registro.br/pub/gts/gts32/01-br-algorithm-rollover.pdf > > Hi Fred - thanks for this. I guess I misunderstood your report when I originally read it. > > > > This also begs the question: should we (in another document) update RFC > > 4035, Section 2 (last paragraph) to relax or eliminate the rule, if in > fact > > it is being ignored? > > I guess 6840 sec 5.11 already clarifies it. 4035 sec 2.2 is talking > about signers. > Yeah, it clarifies it in a somewhat contradictory (and not required for interoperability) way though. I'll elaborate in another reply to Matthijs .. -- Shumon.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop