On Oct 4, 2013, at 1:51 AM, Matthijs Mekking <[email protected]> wrote:
> On 10/03/2013 10:06 PM, Paul Wouters wrote:
>> On Thu, 3 Oct 2013, Warren Kumari wrote:
>>
>>> Ok, I just want to make completely sure I understand (so I make sure
>>> that I'm correctly capturing things in the draft).
>>>
>>> We would have 2 RRs, one of CDS and one of CDNSKEY.
>>>
>>> CDS is as described in the earlier version of the doc.
>>> example.com. 86400 IN CDS 31589 8 1
>>> 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE
>>>
>>> and CDNSKEY is:
>>> example.com. 86400 IN CDNSKEY 57 3 8
>>> AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
>>> rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
>>> sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
>>> HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
>>> Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
>>> cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=
>>>
>>> Parents who want DS poll (or whatever) for CDS, parents who want
>>> DNSKEY poll (or whatever) for CDNSKEY.
>>>
>>> Hopefully I'm understanding, because this seems much cleaner, simpler
>>> and more elegant than the CTA stuff that I described.
>>> So, is this what folk would like? If not, apologies for being dim...
>>
>> Yes.
>
> And no.
>
> We could introduce a separate RRtype for synchronizing DS with DNSKEY
> material: CDNSKEY.
>
> We could also reuse the CDS RRtype. Then for parents who want DS poll:
>
> example.com. 86400 IN CDS *1* 257 3 8
> AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
> rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
> sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
> HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
> Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
> cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=
>
> and parents who want DNSKEY poll:
>
> example.com. 86400 IN CDS *0* 257 3 8
> AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj
> rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF
> sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H
> HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ
> Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm
> cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU E7yyETrQd18=
>
>
> Parents who do DS poll would still have to create the DS record, but at
> least the child can signal which hash has to be used.
>
> Best regards,
> Matthijs
Matthijs and Paul,
I insisted on renaming the CDS to CTA in the last version just so we can
clearly talk about options.
Strictly speaking we have 6 possible ways forward:
1) DNSKEY only
2) CDS as DS
3) CDS + CDNSKEY as separate RR types
4) CTA that can include both DS and DNSKEY as RDATA
5) CDS + DNSKEY
6) Do not standardize; this is too hard/controversial?
Each one of these has advantages and disadvantages. I guess the next step is to
create a table of pros and cons of each one.
What criteria should be in the table?
Olafur
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
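Added example (not code from the thread, from any of the drafts, or from any implementation the participants work on): the derivation a DS-polling parent has to do when the child only publishes CDNSKEY, and the check a CDS-accepting parent should do before it publishes what the child signalled. It computes the key tag (RFC 4034 Appendix B) and the DS digest over the canonical owner name plus the DNSKEY RDATA (RFC 4034 section 5.1.4), for digest types 1, 2 and 4. The parsing helpers, the function names, the 4-byte dummy key in the test, and the choice to treat the flags field as 257 (as in Matthijs's reply) are all mine; the key tag and digest the quoted 2048-bit key yields are whatever the arithmetic produces, and nothing here claims they match the CDS line Warren quoted.

```python
"""Derive DS from a DNSKEY/CDNSKEY and check a CDS against a published key.

Worked example for the CDS/CDNSKEY thread; RFC 4034/4509/6605 arithmetic,
own helper names.  Runs offline on the records quoted in the thread.
"""
import base64
import hashlib

# DS digest types from the IANA registry:
# 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509), 4 = SHA-384 (RFC 6605).
DIGEST_ALGS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Records quoted in the thread (flags written as 257, as in Matthijs's reply).
THREAD_CDNSKEY = (
    "example.com. 86400 IN CDNSKEY 257 3 8 "
    "AwEAAeikvxboZpn9VCxm3YDLHo40SvA9EmRwJHHQyJ0OCzrQSRBSipoj"
    "rW7yESXWiDDyzflS8rgzDs7M3fIdSduOdyNi55DmXPdkS8HYORTMNyzF"
    "sSOg+xx6tUySK2p4WAhlbsJNLz4IkQCek59NoDBOLyQ15npsr7Tgfb/H"
    "HU7zmCMvnxh0SqO2lyhnQfk29Thc3nC4KNJNb3drjWKOuCw5mg+2GrEZ"
    "Yc/VqdeGvrOCQ2el8jWZpSU5cxb7EdEy4B9nEeZiBpHXaZ5XJ+ewi4vm"
    "cUK5/445mGJqV4rDeicy5/ShC/BJ81v3bIRPWebvDRJmDbjr2d9MnLXU"
    "E7yyETrQd18="
)
THREAD_CDS = "example.com. 86400 IN CDS 31589 8 1 3490A6806D47F17A34C29E2CE80E8A999FFBE4BE"


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, uncompressed, root label last."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA in wire form (RFC 4034 section 2.1)."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B: ones-complement-style 16-bit sum over the RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_input(owner, rdata):
    """Bytes a DS digest covers: owner name in wire form followed by the DNSKEY RDATA."""
    return name_to_wire(owner) + rdata


def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey, digest_type):
    """Return (key_tag, algorithm, digest_type, DIGEST_HEX): the DS RDATA a parent publishes."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey)
    digest = DIGEST_ALGS[digest_type](ds_digest_input(owner, rdata)).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest


def parse_key_rr(line):
    """Parse 'owner TTL IN DNSKEY|CDNSKEY flags proto alg <base64...>' (own helper)."""
    f = line.split()
    if f[3] not in ("DNSKEY", "CDNSKEY"):
        raise ValueError("not a DNSKEY/CDNSKEY record: " + line)
    return {"owner": f[0], "ttl": int(f[1]), "flags": int(f[4]), "protocol": int(f[5]),
            "algorithm": int(f[6]), "pubkey": base64.b64decode("".join(f[7:]))}


def parse_ds_rr(line):
    """Parse 'owner TTL IN DS|CDS tag alg dtype <hex...>' (own helper)."""
    f = line.split()
    if f[3] not in ("DS", "CDS"):
        raise ValueError("not a DS/CDS record: " + line)
    return {"owner": f[0], "ttl": int(f[1]), "key_tag": int(f[4]), "algorithm": int(f[5]),
            "digest_type": int(f[6]), "digest": "".join(f[7:]).upper()}


def cdnskey_to_ds_line(line, digest_type):
    """What a DS-polling parent does with a CDNSKEY: derive the DS it will publish."""
    k = parse_key_rr(line)
    tag, alg, dt, digest = ds_from_dnskey(k["owner"], k["flags"], k["protocol"],
                                          k["algorithm"], k["pubkey"], digest_type)
    return f'{k["owner"]} {k["ttl"]} IN DS {tag} {alg} {dt} {digest}'


def cds_matches_key(cds_line, key_line):
    """Before accepting a CDS, confirm it really describes a key in the child's DNSKEY set."""
    d, k = parse_ds_rr(cds_line), parse_key_rr(key_line)
    if d["digest_type"] not in DIGEST_ALGS or d["owner"].lower() != k["owner"].lower():
        return False
    tag, alg, _, digest = ds_from_dnskey(k["owner"], k["flags"], k["protocol"],
                                         k["algorithm"], k["pubkey"], d["digest_type"])
    return (tag, alg, digest) == (d["key_tag"], d["algorithm"], d["digest"])


if __name__ == "__main__":
    print(cdnskey_to_ds_line(THREAD_CDNSKEY, 2))
    print("quoted CDS matches quoted CDNSKEY:", cds_matches_key(THREAD_CDS, THREAD_CDNSKEY))
```

The digest is computed over the owner name in canonical (lowercase) form, so a parent that takes the owner name from a mixed-case query must normalise before hashing or the DS will not validate. The CDS line quoted in the thread uses digest type 1 (SHA-1), which was normal in 2013; RFC 8624 later lists digest type 1 as MUST NOT for new delegations, so a parent deriving DS from CDNSKEY today would pick type 2 as in the `__main__` call above.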