-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 18-04-11 19:41, Peter Koch wrote:
> Please review the document and send any comments you may have to the > list. If you have no comments but support (or do not support) the > document being published, please send that information to the list. Another observation on the examples in section 4.1.*: - -I don't understand why the DNSKEY RRset should be signed with the ZSK. It's not wrong, but I don't see the point of signing the DNSKEY RRset with a ZSK. It's not needed and enlarges the zone. It's sufficiant if the DNSKEY RRset is signed by the KSK only. All RRSIG_Z_*(DNSKEY) can be removed. - -- Antoin Verschuren Technical Policy Advisor SIDN Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970 mailto:[email protected] xmpp:[email protected] http://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJNrV0PAAoJEDqHrM883AgnJB4H/1hxmkSY11lumbbC2T86XQkI 55hf3JGPUxDO25IHVBnUW7vNuCq1S8Bl0EptFvge5QbBdbpsCqljBgXn+hA+MBh6 mBL2J6OHsuJkDgcpqzIgA1hpVDYVPr9yrREJORwwTYP8zER3rLsyr72X2B6qFSFI ptiltI+eEl8BWgwE7Rn7Gop4MYWOS7tgFO7Af+w2OPiE3JVL+Ywjv+ShntiLzJAw uEUAXKm7WrlAKpZXgMKpo7SpLC+uqmw5t4HFryxsRZ0uKzTMBk3hkYXz0dFZNiTo YvcWaMM4FUoJJ4/ijdjJKCoVzXmtpZJuMnHeug1dX4IKOLBFFQOc/LgQW5OFq1g= =6nIr -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
