Dear WG,
I've implemented parts from RFC4641 in an automated zone signing and key
rollover tool.
Currently I'm looking for extensions to use this tool for the rollover
of keys on dynamic dns zones.
In this context I think that section 4.2.1.1 "Pre-Publish Key Rollover"
does not fulfill all the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Andrew,
Also following the dns64 discussion, I thought the real issue was if we
had a security-aware validating stub that does not understand
translation. The stub resolver sets the CD bit but has no clue of how to
do the translation.
Regarding th
Generally: Thumbs up for this version!
However, one legacy nit has been left untouched.
In Section 5, 2nd para:
s/number trust anchors/number of trust anchors/!
^
(No new draft version needed, wait for opportunity to fix!)
Kind regards,
Alfred
On Wed, Mar 25, 2009 at 11:08:08AM -0700, Matthijs Mekking wrote:
> Also following the dns64 discussion, I thought the real issue was if we
> had a security-aware validating stub that does not understand
> translation. The stub resolver sets the CD bit but has no clue of how to
> do the translatio