[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: one review of the DS thingy by WestWes
>>>>> On Tue, 6 Dec 2005 13:46:30 -0500, Edward Lewis <Ed.Lewis@neustar.biz> said:
Ed, thanks for the review...
Edward> The DS RRset is signed by at least one of the parent zone's private
Edward> zone data signing keys for each algorithm in use by the parent. Each
Edward> signature is published in an RRSIG resource record, owned by the same
Edward> domain as the DS RRset and with a type covered of DS.
So changed.
Edward> # The resulting packet format for the resulting DS record
Edward> # will be [XXX: IANA assignment should replace the 2 below]:
Edward> I would not use "packet format" but rather something like
Edward> "on-the-wire"
Ok.
Edward> # The following is an example DSKEY and matching DS record. This
Edward> s/DSKEY/DNSKEY/
gack!
Edward> # Implementations MUST support the use of the SHA-256 algorithm in DS
Edward> # RRs.
Edward> This is always a sticky point. It's up to an implementation
Edward> to decide if it will support RFC wxyz.
I'm not sure what your complaint is here. Are you saying that it
shouldn't be included or that it should be changed to "Implementations
*that support this specification* MUST ...".
Edward> # behavior SHOULD by the default. Validator implementations MAY
Edward> s/by/be/
Thanks (it was actually pointed privately just after publication so
was already locally fixed).
--
Wes Hardaker
Sparta, Inc.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>