In message <[email protected]>, Matt Larson writes:
> Mark,
>
> On Wed, 11 Mar 2009, Mark Andrews wrote:
> > [...] it is impossible to convert a DS to a DNSKEY prior to the
> > publication of the DNSKEY in the DNS.
>
> Why would a validator ever need to do this?
Because it makes it possible to change DNSKEYs without
having to have both the old and new key present in the zone
at the same time.
> Matt
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
