On Fri, Mar 23, 2018 at 10:28 AM, Mark Andrews <[email protected]> wrote: > Also Section 3.1 is not specific enough to implement. QNAME needs a > qualifier (current or original). > > The leftmost label of the QNAME is either "kskroll-sentinel-is-ta- > <key-tag>" or "kskroll-sentinel-not-ta-<key-tag>"
This was too terse for me to parse. The check is: Does the left most label in the query name match "kskroll-sentinel-is-ta-<key-tag>" where <key-tag> is as unsigned decimal integer (as described in [RFC4034], section 5.3), zero-padded to five digits (for example, a Key Tag 42 would be represented in the label as 00042). So, kskroll-sentinel-is-ta-19036.example.com would match, as would kskroll-sentinel-is-ta-20326.example.com, as would kskroll-sentinel-is-ta-00042.example.net. The question is not kskroll-sentinel-is-ta-original.example.com. I really don't understand your question -- please help. W > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
