On Apr 16, 2014, at 8:02 AM, Warren Kumari <[email protected]<mailto:[email protected]>> wrote:
I think I made it even clearer: The first time a DNS operator signs a zone, they need to communicate the keying material to their parent through some out-of-band method to complete the chain of trust. Depending on the desires of the parent, the child might send their DNSKEY record, a DS record, or both. Good? Looks good to me. The whole document is looking very good. I've been reading the conversation and initially had some concerns but others already addressed the points (and so I felt no need to add to the queue of messages). Dan -- Dan York Senior Content Strategist, Internet Society [email protected]<mailto:[email protected]> +1-802-735-1624 Jabber: [email protected]<mailto:[email protected]> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
