On Aug 3, 2022, at 6:48 AM, Gavin McCullagh <gmccull...@gmail.com> wrote: > > > > Nonetheless, the significant deployment of > > DNSSEC within some top-level domains (TLDs), and the near-universal > > deployment of DNSSEC in the TLDs, demonstrate that DNSSEC is suitable > > for implementation by both ordinary and highly sophisticated domain > > owners. > > Maybe it's my lack of dns inside baseball terminology
Nope; it was just my unclear writing. > but I found the hard distinction between "within" and "in" a bit confusing > here and had to re-read to grok what was meant. It might be clearer to > contrast e.g. "at the TLDs" with "below/within some TLDs" to bring out the > distinction. Proposed fix: Nonetheless, the significant deployment of DNSSEC beneath some top-level domains (TLDs), and the near-universal deployment of DNSSEC for the TLDs in the DNS root zone, > > > * [RFC7344] describes using the CDS and CDNSKEY resource records to > > help automate the creation of DS records in the parents of signed > > zones. > > The term used in the RFC is "maintenance" as opposed to "creation" which > seems more precise, given that CDS does not directly address initial creation > of a DS. Good catch! Fixed. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop