On Sat, 8 Feb 2014, Mukund Sivaraman wrote:
Did you see my reply to your email a few weeks ago where I asked why new CDS/CDNSKEY RR types are required instead of adding a new bit to the Flags field of the DNSKEY RR?
That does not allow prepublishing of DS records for DNSKEYs not published in the zone yet, which is a strategy for publishing an emergency rollover key at the parent in case of a compromise of the signer. This key can be completely offline and even the public key part unknown to any party.

Paul
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
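
Added example, not part of the original message or of any DNS implementation: because a DS (or CDS) record carries only a digest of the owner name and DNSKEY RDATA (RFC 4034), the parent can hold a DS for a standby key whose DNSKEY is not in the zone, which a flag bit on a published DNSKEY could not express. The zone name, algorithm 13, the constructed key bytes and all function names are assumptions made for illustration.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lower-case) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA: flags (2) | protocol (1) | algorithm (1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS/CDS fields (key tag, algorithm, digest type 2 = SHA-256, digest)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def split_ds_set(owner, parent_ds, zone_dnskeys):
    """Split the parent's DS set into records that match a DNSKEY published
    in the zone and records that are pre-published for a withheld key."""
    published = {make_ds(owner, rd) for rd in zone_dnskeys}
    active = [ds for ds in parent_ds if ds in published]
    standby = [ds for ds in parent_ds if ds not in published]
    return active, standby

# Constructed sample data: these byte strings stand in for 64-byte
# ECDSA P-256 (algorithm 13) public keys; they are not real keys.
ZONE = "example.com."
ACTIVE_KSK = dnskey_rdata(257, 13, hashlib.sha512(b"constructed active key").digest())
STANDBY_KSK = dnskey_rdata(257, 13, hashlib.sha512(b"constructed standby key").digest())

# The operator hashes the standby key offline and hands only the DS to the parent.
PARENT_DS = [make_ds(ZONE, ACTIVE_KSK), make_ds(ZONE, STANDBY_KSK)]

if __name__ == "__main__":
    active, standby = split_ds_set(ZONE, PARENT_DS, [ACTIVE_KSK])
    print("matches a published DNSKEY:", active)
    print("pre-published, key withheld:", standby)
    # After an emergency rollover the standby DNSKEY is published and now matches.
    active, standby = split_ds_set(ZONE, PARENT_DS, [STANDBY_KSK])
    print("after rollover:", active)
```

A validator or monitoring job that sees a DS with no matching DNSKEY should therefore treat it as a possible standby key rather than an error, as long as at least one DS in the set matches a published key.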
