On 10/03/2013 10:06 PM, Paul Wouters wrote:
> On Thu, 3 Oct 2013, Warren Kumari wrote:
> 
>> Ok, I just want to make completely sure I understand (so I make sure
>> that I'm correctly capturing things in the draft).
>>
>> We would have 2 RRs, one of CDS and one of CDNSKEY.
>>
>> CDS is as described in the earlier version of the doc.
>> example.com. 86400 IN CDS 31589 8 1
>> 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE
>>
>> and CDNSKEY is:
>> example.com. 86400 IN CDNSKEY 57 3 8
>> AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
>> rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
>> sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
>> HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
>> Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
>> cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=
>>
>> Parents who want DS poll (or whatever) for CDS, parents who want
>> DNSKEY poll (or whatever) for CDNSKEY.
>>
>> Hopefully I'm understanding, because this seems much cleaner, simpler
>> and more elegant than the CTA stuff that I described.
>> So, is this what folk would like? If not, apologies for being dim...
> 
> Yes.

And no.

We could introduce a separate RRtype for synchronizing DS with DNSKEY
material: CDNSKEY.

We could also reuse the CDS RRtype. Then for parents who want DS poll:

example.com. 86400 IN CDS *1* 257 3 8
AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=

and parents who want DNSKEY poll:

example.com. 86400 IN CDS *0* 257 3 8
AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=


Parents who do DS poll would still have to create the DS record, but at
least the child can signal which hash has to be used.

Best regards,
  Matthijs

> 
> Paul
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
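
What a parent would do with the reused-CDS record sketched in Matthijs's message, as an added Python example (not code from the thread or from any draft). It assumes the leading field is a DS digest type, with 0 meaning "take the DNSKEY as is"; `parent_action` and the helper names are hypothetical, and the 4-byte key is constructed.

```python
import base64
import hashlib
import struct

# DS digest type numbers (IANA registry): 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def owner_wire(name):
    """Canonical (lowercased) wire form of the owner name, as hashed into a DS."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parent_action(owner, fields):
    """fields: digest-type signal, flags, protocol, algorithm, base64 key chunks."""
    signal, flags, protocol, algorithm = (int(f) for f in fields[:4])
    pubkey = base64.b64decode("".join(fields[4:]), validate=True)
    if not pubkey or protocol != 3 or not flags & 0x0100:
        raise ValueError("not a usable zone key")
    if signal == 0:  # child asks for the DNSKEY itself to be taken
        return ("DNSKEY", flags, protocol, algorithm, base64.b64encode(pubkey).decode())
    if signal not in DIGESTS:  # refuse digests this parent does not implement
        raise ValueError("unsupported digest type %d" % signal)
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    digest = DIGESTS[signal](owner_wire(owner) + rdata).hexdigest().upper()
    return ("DS", key_tag(rdata), algorithm, signal, digest)


if __name__ == "__main__":
    # Constructed 4-byte key, not a real RSA key; it only exercises the encoding.
    print(parent_action("example.com.", "1 257 3 8 AQID BA==".split()))
```
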
