> Nonetheless, the significant deployment of > DNSSEC within some top-level domains (TLDs), and the near-universal > deployment of DNSSEC in the TLDs, demonstrate that DNSSEC is suitable > for implementation by both ordinary and highly sophisticated domain > owners.
Maybe it's my lack of dns inside baseball terminology but I found the hard distinction between "within" and "in" a bit confusing here and had to re-read to grok what was meant. It might be clearer to contrast e.g. "at the TLDs" with "below/within some TLDs" to bring out the distinction. > * [RFC7344] describes using the CDS and CDNSKEY resource records to > help automate the creation of DS records in the parents of signed > zones. The term used in the RFC is "maintenance" as opposed to "creation" which seems more precise, given that CDS does not directly address initial creation of a DS. Gavin
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop