-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/02/2011 07:48 PM, Blacka, David wrote: > > On Jul 28, 2011, at 1:29 PM, Matthijs Mekking wrote: > >>>> My understanding of this paragraph is that there MUST be an >>>> RRSIG for each RRset using at least one key of each algorithm >>>> in the DNSKEY RRset. So that includes the DNSKEY RRset itself. >>>> *In addition*, the DNSKEY RRset MUST be signed with the >>>> algorithms appearing in the DS RRset. >>> >>> Ok, so the snippet from 4035 alone appears to be ambigous to me. >>> Is this clarified somewhere? >> >> Perhaps draft-ietf-dnsext-dnssec-bis-updates can add that >> clarification, if appropriate. > > If this is actually desired, then it would be *very* helpful to send > text to the editors. Or at the very least, make an explicit request > to the editors. We are having a hard time tracking things that > people might want in dnssec-bis-updates.
To me, it is clear what dnssec-bis-updates says about this. Alexander, does this text still looks ambigous to you? http://tools.ietf.org/search/draft-ietf-dnsext-dnssec-bis-updates-14#section-5.11 Best regards, Matthijs > > -- David Blacka <[email protected]> > Principal Engineer Verisign Infrastructure Engineering > > _______________________________________________ DNSOP mailing list > [email protected] https://www.ietf.org/mailman/listinfo/dnsop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOOPv/AAoJEA8yVCPsQCW5hXMH/iGbLgStOcF7V8g8ke3drTio DkoWQlM1u97VAgOdWA8y+lXQsZK7k/3P9fqpbrGkik+kXUBuR1+4bn91mG3phN6/ AEZlZ+P5BfB4yg7U3L0xQjOmW4LuJga1YpbqYlnl3lFS4tAebE6m+P3u67aISJ7G X4jQafL5rQ5xNzYZ4ETa+90B0+XUaI13dRM67vp1kAACbHRm/Cjvj5zmF/9QZBqA gSXuIFbGZH9udciERqgmDOGYTZHO3Xv/ic2echPVBofsk4dSHnb5T3aKoswblYm5 RUffgB7aPM0eHY+fE+iOHe5l4nLU2p7E010lRCBvLdwMRgF4tswLjHzwNzJOGE4= =fhAD -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
