Olafur, > Now on to new issue: > The RRSIG in the EPP transfer. > This text was put in based on my suggestion, upon reflection I think > this is a bad idea and should be removed from the document. > If we send DS then the recipient needs to query for the DNSKEY RRset > to evaluate the signatures, this forces the registrant to have the new > SEP key on-line.
If we remove the DNSKEY data, the RRSIG stuff goes with it because <secDNS:sig> is currently part of <secDNS:keyData>. Are you suggesting something else? If we remove it I can see a need for some text to describe the operational issue that you've touched on above. -Scott- . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
