On Jul 29, 2022, at 8:58 AM, Peter van Dijk <peter.van.d...@powerdns.com> wrote:
> The mention of 5011 talks about the root, but 5011 does not mention the
> root at all. 5011 is not limited to the root.

It is limited to "trust anchors", and essentially all DNSSEC trust anchors are for the DNS root. Still, the wording can be improved.

Current:
- [RFC5011] explains how recursive resolvers and the DNS root can work together to automate the rollover of the root's key signing key (KSK).

Proposed:
- [RFC5011] describes a method to help resolvers update their DNSSEC trust anchors in an automated fashion. This method was used in 2018 to update the DNS root trust anchor.

> In the list of "Additional Documents of Interest", I think 7129 deserves
> to be pointed out as an especially important document, as NSEC/NSEC3 are
> almost impossible to understand without it.

Done.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop