> For me as well, the natural option is the provision of the DS record.
> However in a discussion with somebody (Miek, was it you?), he mentioned
> that it could be useful for the registry to have the DNSKEYs handy, in
> case the algorithms to distill the DS out of it would change.

This was the primary reason that the current proposal includes the option to do one or the other. It adds some complexity. Is the benefit worth it or not?

-Scott-

dnsop resources:
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
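
The trade-off discussed above, as an added example that is not part of the original thread: a registry holding the DNSKEY can regenerate the DS under any digest type, while one holding only a DS cannot. The sketch follows the RFC 4034 DS construction; the zone name and key bytes are constructed placeholders, and digest types 2 and 4 come from later RFCs rather than from this message.

```python
import base64
import hashlib
import struct

# DS digest type -> hashlib name (1: RFC 4034, 2: RFC 4509, 4: RFC 6605)
DIGESTS = {1: "sha1", 2: "sha256", 4: "sha384"}

def wire_name(name):
    """Canonical wire form of an owner name: lowercased, length-prefixed labels."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:  # the root zone "." has no labels
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: Flags | Protocol | Algorithm | Public Key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, dnskey, digest_type):
    """Return (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    if digest_type not in DIGESTS:
        raise ValueError("unsupported DS digest type %d" % digest_type)
    rdata = dnskey_rdata(*dnskey)
    digest = hashlib.new(DIGESTS[digest_type], wire_name(owner) + rdata)
    return key_tag(rdata), dnskey[2], digest_type, digest.hexdigest().upper()

# Constructed sample: placeholder zone and key bytes, not a real key.
OWNER = "example.test."
DNSKEY = (257, 3, 8, base64.b64encode(bytes(range(64))).decode())

if __name__ == "__main__":
    # A registry that stored only the digest-type-1 DS could not produce the others.
    for dtype in sorted(DIGESTS):
        print(OWNER, "IN DS", *make_ds(OWNER, DNSKEY, dtype))
```

The key tag and algorithm fields stay the same across digest types; only the digest changes, which is the part a registry cannot recompute without the DNSKEY.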
