Again, blame the morning and the Google that led me to old version of the draft, in fact the current draft says:
[ NOTE: This version uses the labels "kskroll-sentinel-is-ta-<key- tag>", "kskroll-sentinel-not-ta-<key-tag>"; older versions of this document used "_is-ta-<key-tag>", "_not-ta-<key-tag>". Also note that the format of the tag-index is now zero-filled decimal. Apolgies to those who have began implmenting.] And I believe the “kskrool-" part is in fact wrong, as even though it targets the current RZ KSK Roll, it’s not what the mechanism describes - this is a mechanism to monitor root zone trust anchors. Ondrej -- Ondřej Surý [email protected] > On 23 Mar 2018, at 09:38, Ondřej Surý <[email protected]> wrote: > > Hi Joao, > > I think Mark has a legitimate question. Once we settle on one specific label, > it will get stapled all over - not only the label in the domain name, but > also configuration options, etc… etc… > > I proposed rzksk-sentinel for our configuration to enable/disable it, but > Mark is quite right that this needs to be in sync with the label. > > Ondrej > -- > Ondřej Surý > [email protected] > >> On 23 Mar 2018, at 09:29, Joao Damas <[email protected]> wrote: >> >> Mark, >> >> >>> On 23 Mar 2018, at 00:55, Mark Andrews <[email protected]> wrote: >>> >>> This title of this document DOES NOT match reality. >>> >>> "A Sentinel for Detecting Trusted Keys in DNSSEC” should be >>> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”. >> >> Sigh , really? >> >>> >>> kskroll-sentinel-<what>-<id> really needs something other >>> than “kskroll” as the first field. “root-key-sentinal-<what>-<id>” >>> really more clearly matches what it does. >> >> It is just a string that is easily identifiable. Let’s get over this. >> >> Joao >> _______________________________________________ >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop > _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
