On Wed, 03 Aug 2011 09:42:55 +0200, Matthijs Mekking <[email protected]> said:
> On 08/02/2011 07:48 PM, Blacka, David wrote: >> >> On Jul 28, 2011, at 1:29 PM, Matthijs Mekking wrote: >> >>>>> My understanding of this paragraph is that there MUST be an >>>>> RRSIG for each RRset using at least one key of each algorithm >>>>> in the DNSKEY RRset. So that includes the DNSKEY RRset itself. >>>>> *In addition*, the DNSKEY RRset MUST be signed with the >>>>> algorithms appearing in the DS RRset. >>>> >>>> Ok, so the snippet from 4035 alone appears to be ambigous to me. >>>> Is this clarified somewhere? >>> >>> Perhaps draft-ietf-dnsext-dnssec-bis-updates can add that >>> clarification, if appropriate. >> >> If this is actually desired, then it would be *very* helpful to send >> text to the editors. Or at the very least, make an explicit request >> to the editors. We are having a hard time tracking things that >> people might want in dnssec-bis-updates. > To me, it is clear what dnssec-bis-updates says about this. Alexander, > does this text still looks ambigous to you? No, this is fine. -- Alex > http://tools.ietf.org/search/draft-ietf-dnsext-dnssec-bis-updates-14#section-5.11 > Best regards, > Matthijs >> >> -- David Blacka <[email protected]> >> Principal Engineer Verisign Infrastructure Engineering >> >> _______________________________________________ DNSOP mailing list >> [email protected] https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
