On Tue, 26 Apr 2011, Matthijs Mekking wrote:

How is the NS set "updated" without validating that NS set using the
DNSKEY set and DS record of the winning operator?

How do you know which DNSKEY is from the winning operator?

There are two DS records at the parent (DS 11111, DS 22222) and the
first one matches the cached DNSKEY RR.

Again, how did YOU validate the new NSset if you don't have the right
DNSKEY? Please read the original text again. It assumes you somehow got
an updated *validated* NSset of the new operator, without having the
DNSKEY that validated that NSset. I keep telling you that is not possible.

Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
