-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Op 25-01-13 16:41, Patrik F¦ltstrm schreef:
> I made the claim that with double DS, both for old and new zone, we > do not have to move the ZSK from old to new zone. You make the same mistake again :-) It has to move -from new- -to old- zone to be pre-published. - From old to new is not an issue. We can use DNS for that. > So, what we talk about is the case when different RRSets in the > same zone are cached differently. Right? Yes, some records may be cached from the old zone, some from the new zone, and neither zone can create signatures over those records with the ZSK of the other, so a double signature is impossible. - -- Antoin Verschuren Technical Policy Advisor SIDN Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 M: +31 6 23368970 Mailto: [email protected] XMPP: [email protected] HTTP://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJRAqwvAAoJEDqHrM883AgnYM4H/1kT889bM15Ga5DySRTXX/n0 hlqLWJKIS7a4FaNiwP8qg0VeMPbB7HSxm9Kap01emyQwrz2FzAks4IChY6DOgPMs 2flmT9gLh9uvhudhrvNyUBDLypQmBb9jCfb1As0DteugDFI4YkZnKw118Ny+6PvW vvd4XseuxWv3iPH0mssu7hWrEVqfcYQb0j5v89s+njti1oN6Tw2s/dpAndDJh1Vf dYEaRKMOxtlNQ4VHEDtK7mA2IbjX7daYgpHs1jUqzGYkPOhgYA8lFUw2HxDFTiJ7 x8NbJLWayXhSSZlnkuB56EKduYmaOHs6juY/JjYJ4ySXe44Wb5J7m4vbB4Bk9cY= =FcdN -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
