-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Minor clarification in the final table (thanks Wouter). RRSIG_Z_2 in step 4b and 5 should be RRSIG_K_2.
Matthijs On 09/30/2010 03:03 PM, Matthijs Mekking wrote: > c) Both a) and b) > ---------------------------------------------------------------- > 1 Initial 2 New RRSIGS 3 New DNSKEY > ---------------------------------------------------------------- > Parent: > SOA0 -------------- ( SOA ) --------------> > RRSIG_par(SOA) -------------------------------------> > DS_K_1 -------------------------------------> > RRSIG_par(DS_K_1) -------------------------------------> > > Child: > SOA0 SOA1 SOA2 > RRSIG_K_1(SOA) RRSIG_Z_1(SOA) RRSIG_Z_1(SOA) > RRSIG_Z_2(SOA) RRSIG_K_2(SOA) > > DNSKEY_K_1 DNSKEY_K_1 DNSKEY_K_1 > RRSIG_K_1(DNSKEY) DNSKEY_Z_1 DNSKEY_Z_1 > RRSIG_K_1(DNSKEY) DNSKEY_K_2 > RRSIG_K_2(DNSKEY) RRSIG_K_1(DNSKEY) > RRSIG_K_2(DNSKEY) > ---------------------------------------------------------------- > 4 Exchange DS 4b Revoke DNSKEY 5 Remove DNSKEY > ---------------------------------------------------------------- > Parent: > SOA1 -------------( SOA )----------------> > RRSIG_par(SOA) -------------------------------------> > DS_K_2 -------------------------------------> > RRSIG_par(DS_K_2) -------------------------------------> > > Child: > ---- (SOA2 ) ---> SOA3 SOA4 > ----------------> RRSIG_Z_1(SOA) RRSIG_Z_2(SOA) > ----------------> RRSIG_Z_2(SOA) > > ----------------> DNSKEY_K_1_REVOKED DNSKEY_K_2 > ----------------> DNSKEY_Z_1 RRSIG_K_2(DNSKEY) > ----------------> DNSKEY_K_2 > ----------------> RRSIG_K_1_REVOKED(DNSKEY) > ----------------> RRSIG_K_2(DNSKEY) > ---------------------------------------------------------------- > 6 Remove RRSIGS > ---------------------------------------------------------------- > Parent: > --------------( SOA )----------------> > -------------------------------------> > -------------------------------------> > -------------------------------------> > > Child: > SOA5 > RRSIG_K_2(SOA5) > > DNSKEY_K_2 > RRSIG_K_2(DNSKEY) > ---------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMpI0AAAoJEA8yVCPsQCW5ND4H/iG9lHq5hq0IRh6cKbmTT0GJ MzDknlNBnkLdKOMS1jhhEc0QB5/32xJV4/Fv9+Md5mNRWnsLEQN4Q6gWeE2vDjMN H+e8o4IBVMSGAgPHgfMR+2tnQ+h5RZonUUjMUPx8eOZh8FoiW1PcAR9gPyqIfArr moGTMNJUxiLG+agVAK37XkFQcdKKpavVtIIBqHfhX/vdN7oBiJhtRpDdq47UBu1T q7/z7Vn1ermwmFFs3xIDt8wEOkK32IpOouVEMHrKSgCbC+wYoHA5sHZOti+jtJvF aKcTmVoNuUqbCvqtg4fh+tF1wMA4BkAkR+SH28rEqzfvzhhENsVAA12Quutehj4= =vj// -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
