David Blacka wrote:
> As part of the effort to sign the root, we thought it might be a good
> idea to look at possible root DNSKEY responses sizes given different
> key sizes and key rollover scenarios.
It's not a good idea to waste time on a hopeless protocol.
Properly designed protocols use at least four RR types for KSKs
and ZSKs at even and odd generations, none of which needs to be
sent with referral.
And that's not the only uncessary complexity of DNSSEC.
Masataka Ohta
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
