Again, blame the morning and the Google that led me to old version of the 
draft, in fact the current draft says:

   [ NOTE: This version uses the labels "kskroll-sentinel-is-ta-<key-
   tag>", "kskroll-sentinel-not-ta-<key-tag>"; older versions of this
   document used "_is-ta-<key-tag>", "_not-ta-<key-tag>".  Also note
   that the format of the tag-index is now zero-filled decimal.
   Apolgies to those who have began implmenting.]

And I believe the “kskrool-" part is in fact wrong, as even though it targets 
the current RZ KSK Roll, it’s not what the mechanism describes - this is a 
mechanism to monitor root zone trust anchors.

Ondrej
--
Ondřej Surý
[email protected]

> On 23 Mar 2018, at 09:38, Ondřej Surý <[email protected]> wrote:
> 
> Hi Joao,
> 
> I think Mark has a legitimate question. Once we settle on one specific label, 
> it will get stapled all over - not only the label in the domain name, but 
> also configuration options, etc… etc…
> 
> I proposed rzksk-sentinel for our configuration to enable/disable it, but 
> Mark is quite right that this needs to be in sync with the label.
> 
> Ondrej
> --
> Ondřej Surý
> [email protected]
> 
>> On 23 Mar 2018, at 09:29, Joao Damas <[email protected]> wrote:
>> 
>> Mark,
>> 
>> 
>>> On 23 Mar 2018, at 00:55, Mark Andrews <[email protected]> wrote:
>>> 
>>> This title of this document DOES NOT match reality.
>>> 
>>> "A Sentinel for Detecting Trusted Keys in DNSSEC” should be
>>> replaced by “A Root Key Trust Anchor Sentinel for DNSSEC”.
>> 
>> Sigh , really?
>> 
>>> 
>>> kskroll-sentinel-<what>-<id> really needs something other
>>> than “kskroll” as the first field.  “root-key-sentinal-<what>-<id>”
>>> really more clearly matches what it does.
>> 
>> It is just a string that is easily identifiable. Let’s get over this.
>> 
>> Joao
>> _______________________________________________
>> DNSOP mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dnsop
> 

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to