Tony Finch Friday, March 01, 2013 12:38 PM:
> > Friday, March 01, 2013 11:58 AM Tony Finch wrote:
> > >
> > > Hmm, I wonder if it would be enough to put only the key tag in the
> > > CDS RDATA,
> >
> > That wouldn't work because you might have two keys with exactly the
> > same key-tag. You can't be certain that the key-tag is unique.
>
> True, however it's common for tools to ensure tags are unique.

I know first hand of at least one tool that doesn't. It would be good if
any new RFC is backward compatible.

> > > and let the parent calculate the DS from the corresponding DNSKEY.
> >
> > Assuming that the parent knows the algorithm that the child wishes to
> > use for his DS record. That might not always be the case.
>
> You could include an algorithm field.

The parent might not have access to the new algorithm in the software.
If for example the child wishes to use SHA-X but the parent only supports
SHA-Y. What should the parent do if the child flags for SHA-X in this
algorithm field but it is not available?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
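
The key-tag point discussed in the message above, as an added example that is not part of the original thread: the RFC 4034 Appendix B key tag is a 16-bit checksum, so two different DNSKEYs can share a tag while their DS digests differ. The key bytes, the owner name `example.com`, algorithm 8 and SHA-256 (DS digest type 2) are constructed assumptions, and `lookup_by_tag` is a hypothetical helper.

```python
import hashlib
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def wire_name(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name."""
    labels = [p for p in name.lower().rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def ds_digest_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256 over owner name || DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def lookup_by_tag(tag: int, keyset: list[bytes]) -> list[bytes]:
    """Hypothetical helper: what a parent finds if a record carries only a tag."""
    return [r for r in keyset if key_tag(r) == tag]

# Constructed sample material, not real keys: 64 filler bytes as "public key".
KEY_A = bytes(range(1, 65))
# Swap two 16-bit-aligned words: the tag sums 16-bit words, so it is unchanged.
KEY_B = KEY_A[2:4] + KEY_A[0:2] + KEY_A[4:]

RDATA_A = dnskey_rdata(257, 8, KEY_A)  # 257 = KSK flags, 8 = RSASHA256
RDATA_B = dnskey_rdata(257, 8, KEY_B)

if __name__ == "__main__":
    matches = lookup_by_tag(key_tag(RDATA_A), [RDATA_A, RDATA_B])
    print("tag", key_tag(RDATA_A), "matches", len(matches), "distinct DNSKEYs")
    for rdata in matches:
        print("DS SHA-256:", ds_digest_sha256("example.com", rdata))
```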