On Oct 4, 2013, at 7:35 AM, Warren Kumari <[email protected]> wrote:
> > I'm planning on just tossing the CDS and CDNSKEY option into the draft on a > plane this afternoon, and folk can have a look and see how they feel about > this. To my mind the CDS + CDNSKEY seems by far the cleanest option. > Done. I have just published -05. This version has both the CDS and CDNSKEY records, and some rules for what you do with them. I personally find this the most attractive option -- it allows those who want DS to accept DS and those who prefer DNSKEY to take DNSKEY. It keeps the record formats identical to the records that they represent (which, IMO makes implementation simpler), etc. So, would like to get some feedback on this version -- I understand that it might not please everyone, such is the nature of compromise. W Filename: draft-kumari-ogud-dnsop-cds Revision: 05 Title: Automating DNSSEC delegation trust maintenance Creation date: 2013-10-05 Group: Individual Submission Number of pages: 17 URL: http://www.ietf.org/internet-drafts/draft-kumari-ogud-dnsop-cds-05.txt Status: http://datatracker.ietf.org/doc/draft-kumari-ogud-dnsop-cds Htmlized: http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 Diff: http://www.ietf.org/rfcdiff?url2=draft-kumari-ogud-dnsop-cds-05 Abstract: This document describes a method to allow DNS operators to more easily update DNSSEC Key Signing Keys using DNS as communication channel. This document does not address the initial configuration of trust anchors for a domain. The technique described is aimed at delegations in which it is currently hard to move information from the child to parent. > W > >> >> Olafur >> >> _______________________________________________ >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop >> > > -- > It's a mistake trying to cheer up camels. You might as well drop meringues > into a black hole. -- Terry Prachett > > -- "Go on, prove me wrong. Destroy the fabric of the universe. See if I care." -- Terry Prachett _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
