Hi, About Child's CDS / CDNSKEY publication, I still think that it is too strong that the Child DNS Operator SHOULD/MUST delete the CDS RRset when the Parent DS is "in-sync". This should be a MAY.
As Joe Abley pointed out, keeping the CDS/CDNSKEY published is a nice addition for debugging/monitoring purposes. When the Parent sees that the CDS/ CDNSKEY RRset is empty, no action should be taken. When the Parent sees that the CDS / CDNSKEY RRset is already "in-sync", no action should be taken. Best regards, Matthijs On 01/04/2014 10:21 PM, Warren Kumari wrote: > We think that this resolves the open comments and is ready for WGLC. > > > > On Sat, Jan 4, 2014 at 3:40 PM, <[email protected] > <mailto:[email protected]>> wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Domain Name System Operations > Working Group of the IETF. > > Title : Automating DNSSEC delegation trust maintenance > Authors : Warren Kumari > Olafur Gudmundsson > George Barwood > Filename : > draft-ietf-dnsop-delegation-trust-maintainance-01.txt > Pages : 17 > Date : 2014-01-04 > > Abstract: > This document describes a method to allow DNS operators to more > easily update DNSSEC Key Signing Keys using DNS as communication > channel. This document does not address the initial configuration of > trust anchors for a domain. The technique described is aimed at > delegations in which it is currently hard to move information from > the child to parent. > > > The IETF datatracker status page for this draft is: > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-delegation-trust-maintainance/ > > There's also a htmlized version available at: > > http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-01 > > A diff from the previous version is available at: > > http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-delegation-trust-maintainance-01 > > > Please note that it may take a couple of minutes from the time of > submission > until the htmlized version and diff are available at tools.ietf.org > <http://tools.ietf.org>. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > DNSOP mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/dnsop > > > > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop > _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
