I remembered that I was one of the folk volunteering to review this draft. I support this draft with some general comments below-
1. Introduction A resolver might want to maintain a zone's key as a trust anchor even if the zone has a signed delegation. Likewise a zone may wish to distribute it's key for use as a trust anchor in addition to having a DS RR in the parent zone. This really doesn't change things in the document as a whole, but something to keep in mind. Last sentence in Section 3: Should the resolver really consider zone responses as BOGUS? What if the zone is now provably unsecure? Security Considerations: If the text in Section 3 changes, this would need to change too. These are fairly minor things really. Scott _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
