On Tue, 15 Mar 2005, Samuel Weiler wrote: > However...the current draft does include those sDate/eDate parameters > for telling a parent when to to first (and last) publish a DS. From a > security standpoint, they probably aren't strictly needed (it may > depend on what you want the failure mode to be if the child doesn't > contact its parent regularly: do you want the DS to keep getting > resigned forever and always or just timeout?). I assume there was > some reason for them to be in the draft, so it's probably worth > explicitly asking if that functionality desired by anyone.
Asking this in a different way: what failure modes do we want to enable for cases when a child does not regularly contact its parent? Do we want to enable allowing the DS to timeout (be removed from the zone), in which case sDate/eDate are probably needed? -- Sam . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
