On Wed, Nov 4, 2015 at 9:19 PM, IETF Secretariat < [email protected]> wrote:
>
> The DNSOP WG has placed draft-wessels-edns-key-tag in state
> Candidate for WG Adoption (entered by Tim Wicinski)
>
> The document is available at
> https://datatracker.ietf.org/doc/draft-wessels-edns-key-tag/
>
>

I freely admit to not being an expert on DNSSEC. Some questions, if they make sense:

5.2.1 - If the Stub Resolver is validating, then perhaps the recursive resolver should just pass the stub resolver's list of keys, so the Auth server knows whether the stub can validate with the new keys? The Recursive will likely send other queries with its own key set, so the Auth server can get both sets of information - but will it understand the difference, or should we send forwarded keys separately?

In general, this lets us know that some servers have the new key, but is there any way in the process where we can mark a key as 'old' but still usable and wait until resolvers quit sending it, before we remove it? Or is that too complicated?

--
Bob Harold
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
