[EMAIL PROTECTED] (Rob Austein) writes:

> <hat wg-co-chair=off just-another-bozo=yes>
>
> With respect to all participants, this discussion of whether EPP
> should carry DNSKEY or DS appears to be following the "What color
> shall we paint the bike shed?" pattern.
>
> http://a.mongers.org/clueful/1999-phk-bikeshed
>
> </hat>

i disagree.  asking your parent zone to calculate a hash leaves open the
possibility that someday the way that hash is to be calculated will change
and you will know about the change but your parent won't, and also the
possibility that your parent will calculate it wrongly.

the simplest design is one where a zone owner gives the parent zone data,
and the parent zone publishes that data.  no transformations, just storage
and publication.

this is somewhat analogous to having to tell a parent zone both the name
and the address of a nameserver.  it's best to tell the parent zone what it
needs to know -- the name.  if you also tell it the addresses, then there's
a chance (a very good chance as it turns out) that those addresses will be
wrong, or will become stale.  just the facts, ma'am.

> <hat wg-co-chair=on>
>
> Is there anyone who would vehemently object to allowing EPP to
> support both record types and letting the users decide?
>
> </hat>

that would be me.  if ORG ends up wanting DS, but COM and NET end up wanting
full keys, then the EPP community will not have been well served by the
standards process.  we have to make a decision and make it stick.  compared
to that, making the right decision is a secondary consideration.

-- 
Paul Vixie
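
Added example, not part of the original message: a sketch of how a DS record is derived from a DNSKEY (digest over the canonical owner name plus the DNSKEY RDATA, as specified in RFC 4034), showing how a parent that skips one step of the transformation publishes a DS that no longer matches the child's key. The key bytes, the owner name and every function name here are constructed for illustration.

```python
import hashlib
import struct

# Constructed sample public key bytes (not a real key).
SAMPLE_KEY = bytes([1, 2, 3, 4])

# DS digest type numbers: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def owner_wire(name, canonical=True):
    """Uncompressed wire-format owner name; canonical form is lowercased."""
    if canonical:
        name = name.lower()
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b << 8 if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def make_ds(owner, rdata, digest_type, canonical=True):
    """Return (key tag, algorithm, digest type, hex digest) for one DNSKEY.

    canonical=False models a parent that forgets to lowercase the owner name.
    """
    data = owner_wire(owner, canonical) + rdata
    digest = DIGESTS[digest_type](data).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def parent_matches_child(owner, rdata, published_ds):
    """Compare a DS the parent published with one derived from the key."""
    return make_ds(owner, rdata, published_ds[2]) == published_ds
```

A child zone operator can run the comparison against whatever DS the parent actually publishes; a mismatch means validators will not be able to chain to that key through this DS.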
