-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Edward" == Edward Lewis <[EMAIL PROTECTED]> writes:
Edward> The first issue to hash out is - whether a registry needs
Edward> the key or even if the registry should get the key.
Edward> Remember that "key at parent" was ditched in favor of the
Edward> delegation signer record.
Availability of the DNSKEY in another database provides the ability to
easily create forests. While I can read the DS over the phone with
another zone owner, the parent may not be generating them yet.
Given DNSKEY, we can create DS, but not the inverse.
That makes the decision simple for me.
Edward> The second issue is whether the protocol ought to even
Edward> support a choice. In my opinion, the DS option is required.
No choices. DNSKEY required.
Making DS optional is fine, but I see that as useless code.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQa0vyIqHRg3pndX9AQE1SAQAi3FlH8yUfcvIgaG9hdwYpQKyA3xrfXP/
eX27s3BtxTO5prEqqJy152N21QJ2pAsMn+gb/UvgqH+XTauLyglAnvW6YlJsrana
6hBnuwYgmmuGr361KSOePKgavxCb3XHSeupBIu9MBfbJ5wv2JU+D4Fr2M37d9YU7
ztZou20Dlh0=
=0NRC
-----END PGP SIGNATURE-----
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
