Okay, mainly because I was lazy, I missed reading the last couple of versions of this draft. I still think it is good, and something that is very necessary. I have two suggestions on wording -
1. Section 4.2.1.2 second paragraph, last sentence. "maximum Zone TTL" sounds vague. Not sure what would replace that - "largest TTL of any RRset in the zone" sounds odd, SOA MinTTL isn't correct either. 2. Section 4.3.2 The text makes it sound that once the ZSK is rolled over, everything is fine. That may not be the case as long as the RRSIGs over the old DNSKEY RRset (the one with the compromised ZSK) are still valid. Admins new to DNSSEC may not realize this, even though it is addressed (in some fashion) in other sections. Maybe a statement restating that issue should be included. Just really suggestions - nothing that would alter the main points in the text. Scott > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > [EMAIL PROTECTED] . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
