[On 16 Nov, @ 20:22, Paul wrote in "Re: [dnsop] comments on draft. ..."] > [EMAIL PROTECTED] (Rob Austein) writes: > > > <hat wg-co-chair=off just-another-bozo=yes> > > > > With respect to all participants, this discussion of whether EPP > > should carry DNSKEY or DS appears to be following the "What color > > shall we paint the bike shed?" pattern. > > > > http://a.mongers.org/clueful/1999-phk-bikeshed > > > > </hat> > > i disagree. asking your parent zone to calculate a hash leaves open > the possibility that someday the way that hash is to be calculated > will change and you will know about the change but your parent won't, > and also the possibility that your parent will calculate it wrongly.
I think this is little bit far fetched. If your parent cannot even calculate the correct DS, they will be able to correctly generate the signature for the DS? > the simplest design is one where a zone owner gives the parent zone > data, and the parent zone publishes that data. no transformations, > just storage and publication. I agree that this is the simplest design, but with DS you will have to some transformation, no matter what. But who is more likely to make mistakes? The child, which doesn't even see the DS in its zone? Or the parent who generates them by the million? > > <hat wg-co-chair=on> > > > > Is there anyone who would vehemently object to allowing EPP to > > support both record types and letting the users decide? > > > > </hat> > > well served by the standards process. we have to make a decision > and make it stick. compared to that, making the right decision is > a secondary consideration. true, grtz Miek . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
