On Mon, 17 Jun 2013, Warren Kumari wrote:
> We have just posted a new version of draft-kumari-ogud-dnsop-cds
> This incorporates comments from both the list and in person discussions.
> The authors believe this version is ready for WG adoption and request the DNSOP
> chairs to kick off an adoption call.

I am in favour of adopting this draft as a WG item.
Some comments:
Section 3.1.1:
I don't think the CDS record should be able to cause a child domain to
go from secure to insecure, or from insecure to secure. That
(infrequent) change should have an additional authentication (e.g. via EPP
or otherwise).
I strongly prefer the CDS and DS digest algorithms to be identical, so I
am not in favour of some special kind of CDS digest overloading for the
meaning of transition from secure to insecure.
Section 4.2:
I think it _is_ able to use a standard validator. It just needs a
non-standard trust anchor loading for confirmation that the path of trust
will not break.
Typos:
thus it is not be able -> thus it is not able
If one exits it applies -> If one exists it applies