
Re: part II - Re: Remarks on the DNS Security Extension Clarification on Zone Status draft



At 6:04 AM -0400 5/29/00, Roy Arends wrote:
>If the draft would have proposed that the meaning of a KEY bit set
>in the NXT RR   AND   no KEY RR is present, were:
>   "a NULL-KEY is implied"
>we would not have this problem. This would then also be downward
>compatible.

I think this is where I am heading with the draft.

The bit would be on if the parent signs a key set for the child that
includes a zone key, hence "securing" the child.

The problem with allowing both the NULL KEY to signify an unsigned child
*and* a bit setting in the NXT is that this complicates life for the
resolver (and I don't mean that only the code is hard to write).

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis@tislabs.com

"It takes years of training to know when to do nothing" - Dogbert

Opinions expressed are property of my evil twin, not my employer.



