On Oct 3, 2013, at 2:45 AM, Matthijs Mekking <[email protected]> wrote:
> Hi,
>
> First of all. I strongly agree with Paul: keep the record formats identical.

Ok, I just want to make completely sure I understand (so I make sure that I'm correctly capturing things in the draft).

We would have 2 RRs, one of CDS and one of CDNSKEY.

CDS is as described in the earlier version of the doc.

example.com. 86400 IN CDS 31589 8 1 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE

and CDNSKEY is:

example.com. 86400 IN CDNSKEY 57 3 8 AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU
E7yyETrQd18=

Parents who want DS poll (or whatever) for CDS, parents who want DNSKEY poll (or whatever) for CDNSKEY.

Hopefully I'm understanding, because this seems much cleaner, simpler and more elegant than the CTA stuff that I described.

So, is this what folk would like? If not, apologies for being dim...

So, it seems that if children are not sure which one their parent wants, they *could* just publish both. If they *do* publish both, they should make sure that they are consistent. Parents should *not* check both and perform a consistency check (avoids all sorts of corner cases, old records, etc).

> Second: Why the name change? I assume the TA in CTA stands for Trust
> Anchor. The name CDS seems to fit better even in the DNSKEY case. After
> all, we are talking about synchronizing the Delegation Signer, not a
> Trust Anchor.

Yup -- I changed it to try and make it clear that this was a different format to the original CDS record, and avoid the "Hang on, did you mean the CDS record described in version -00 through version -03, or the CDS that was in -04, or something else?!" problem.
I also didn't want those parents who want DNSKEY to feel that this was primarily about DS and that their use case was less important. I may have been being overly sensitive.

CTA is a crappy name (I much preferred CDS), and will more than happily s/CTA/CDS/g :-P

W

> On 10/03/2013 05:59 AM, Guangqing Deng wrote:
>>> On Thu, 3 Oct 2013, Dickson, Brian wrote:
>>
>>>>>> This allows children to present DS to those parents who want DS, and
>>>>>> DNSKEY to those who would prefer to calculate DS on their children's
>>>>>> behalf.
>>>>>
>>>>> I still strongly prefer CDS (and CDNSKEY) to keep the record formats
>>>>> identical, making things a lot easier on implementors and humans editing
>>>>> zone files. I see no strong reason to merge these two things into one
>>>>> RRTYPE of CTA.
>
> Merging does not necessarily mean different record formats for DS and
> DNSKEY. As said earlier, the RDATA can be one selector field + DNSKEY RDATA.
>
> example.com. 86400 IN CDS 0 257 3 5 AQPSKmyn...
>                             ^^^^^^^^^^^^^^^^^^^
>                             DNSKEY RDATA
>
>>>>>
>>>>
>>>> There is the issue of "big zone operators would need to do twice as many
>>>> queries".
>>
>>> Why? The big zone operators only need to support one type - the type
>>> that matches their policy. If they need a DNSKEY, they look for CDNSKEY.
>>> If they need a DS, they look for CDS.
>>
>>>> What if someone puts both types in their zone?
>>> Ignore both?
>>
>> Maybe the parent zone needs a policy to always choose one and only one kind
>> of RR (either CDS or CDNSKEY) and omit the other in this situation.
>
> Exactly that.
>
> Best regards,
>   Matthijs
>
>>
>>> Paul
>>> _______________________________________________
>>> DNSOP mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>> ------------------------------------------------------------------------
>> Guangqing Deng
>> cnnic

-- 
It is impossible to sharpen a pencil with a blunt axe. It is equally vain to try to do it with ten blunt axes instead.
    -- E.W Dijkstra, 1930-2002
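The thread's point that a child publishing both CDS and CDNSKEY must keep them consistent (the parent polls only the type its policy wants and does no cross-check) comes down to one computation: the DS a DNSKEY-polling parent would derive from the CDNSKEY must equal the CDS the child publishes. The following is an added example, not code from the thread or the draft; the record it checks is a constructed toy key (8 bytes, so the RFC 4034 key tag can be verified by hand), and the function names are my own.

```python
import base64
import hashlib

# Constructed sample (not the records from the message): a toy 8-byte "key",
# so the key tag can be checked by hand; a real RSA key is far longer.
SAMPLE_CDNSKEY = "example.com. 86400 IN CDNSKEY 257 3 8 AwEAAavN7xI="
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2

def parse_rr(line):
    # presentation format -> (owner, ttl, type, rdata fields still as chunks)
    owner, ttl, _cls, rtype, *fields = line.split()
    return owner.lower(), int(ttl), rtype, fields

def name_to_wire(name):
    # uncompressed, lower-cased wire form of the owner name (RFC 4034 5.1.4)
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, key_chunks):
    # DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key
    key = base64.b64decode("".join(key_chunks))
    return int(flags).to_bytes(2, "big") + bytes([int(protocol), int(algorithm)]) + key

def key_tag(rdata):
    # RFC 4034 Appendix B key tag (all algorithms except RSA/MD5)
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_from_cdnskey(cdnskey_line, digest_type):
    # what a DNSKEY-polling parent derives: (owner, tag, alg, digest type, digest)
    owner, _ttl, rtype, fields = parse_rr(cdnskey_line)
    if rtype not in ("CDNSKEY", "DNSKEY"):
        raise ValueError(f"expected CDNSKEY, got {rtype}")
    flags, protocol, algorithm, *key_chunks = fields
    rdata = dnskey_rdata(flags, protocol, algorithm, key_chunks)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return owner, key_tag(rdata), int(algorithm), digest_type, digest

def cds_matches_cdnskey(cds_line, cdnskey_line):
    # True only if the CDS is exactly what the parent would derive from the CDNSKEY
    owner, _ttl, rtype, fields = parse_rr(cds_line)
    if rtype not in ("CDS", "DS"):
        raise ValueError(f"expected CDS, got {rtype}")
    tag, algorithm, digest_type, *digest_chunks = fields
    if int(digest_type) not in DIGESTS:
        return False  # unknown digest type: cannot verify, so report a mismatch
    want = (owner, int(tag), int(algorithm), int(digest_type), "".join(digest_chunks).upper())
    return want == ds_from_cdnskey(cdnskey_line, int(digest_type))
```

A child that publishes both records can run `cds_matches_cdnskey` over its own zone before signing; a parent following the thread's advice only ever needs one of the two derivations.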
