On 10/2/13 10:24 PM, "Paul Wouters" <[email protected]> wrote:
>On Wed, 2 Oct 2013, Warren Kumari wrote:
>
>> Anyway, we have finally rev'ed the CDS draft, and have (I think)
>> arrived at a compromise that will be acceptable to both views (DS vs
>> DNSKEY).
>>
>> The 50'000ft[0] view is that the record is now a selector and a data
>> part.
>> If the selector is 0, the data is a DS record.
>> If it is not 0, the data is a DNSKEY, and the parent should calculate
>> the DS from that.
>> (This is largely based upon ideas like that described above.)
>>
>> This allows children to present DS to those parents who want DS, and
>> DNSKEY to those who would prefer to calculate DS on their children's
>> behalf.
>
>I still strongly prefer CDS (and CDNSKEY) to keep the record formats
>identical, making things a lot easier on implementors and humans editing
>zone files. I see no strong reason to merge these two things into one
>RRTYPE of CTA.
>

There is the issue of "big zone operators would need to do twice as many
queries".

There is another reason, less obvious:

What if someone puts both types in their zone?

Admittedly there are the possible cases of CTA records of both flavors,
but that is much less likely to occur, deliberately or accidentally, than
having both CDS and CDNSKEY.

Copy/paste, file merge, script errors - all have non-zero chance of "same
record format" => "conflicting entries" occurring.

On the other hand, the odds of someone writing a script, or
copying/pasting, into a DIFFERENT format, are near zero.

In this case, different format is a feature, not a bug. :-)

Brian (not one of the authors)
