I didn't follow the debate that led to the choice to include both. But previous experience suggests that only including one (either!) would be seen as dictating security policy or procedure in some way. I think keeping both is better.
I'm not sure there was a debate that led to both being there.
Keeping both covers ourselves with respect to having the protocol do either. But this is done at a cost - more complex code, more complex business rules.
As operators (DNSOP) what is the consensus of the group? Is specifying one way going to make the operations job easier than specifying two ways of doing this? If we don't specify the DNSKEY option are we losing something important?
This isn't just a question for registries, it's also for registrars and whoever else is on the client end of the connection (e.g., LIRs and NIRs if EPP spreads to the number registries). Does a registrar want to have to configure "DNSKEY" for one TLD, and "DS" for a different TLD?
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
I would have been at the meeting, but I was busy raking the leaves from the (now) empty non-terminals in my yard. . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
