How about something with a little more explanation and a slightly stronger suggestion?
When designing a registry system one should consider which of the DNSKEYs and/or the corresponding DSs to store [or accept from registrants?]. Since a child zone might wish to have a DS published using a message digest algorithm not yet understood by the registry, the registry can't count on being able to generate the DS record from a raw DNSKEY. Thus, we recommend that registry system at least support storing [accepting] DS records. It may also be useful to store [accept] DNSKEYs, since having them may help during troubleshooting and, so long as the child's chosen message digest is supported, the overhead of generating DS records from them is minimal. Having an out-of-band mechanism, such as a Whois database, to find out which keys are used to generate DS Resource Records for specific owners and/or zones may also help with troubleshooting. . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
