There weren't any other comments, so to come back to these: [On 05 Oct, @17:08, Scott Rose wrote in "RE: [dnsop] I-D ACTION:draft-i ..."] > Okay, mainly because I was lazy, I missed reading the last couple of > versions of this draft. I still think it is good, and something that is > very necessary. I have two suggestions on wording - > > 1. Section 4.2.1.2 second paragraph, last sentence. "maximum Zone TTL" > sounds vague. Not sure what would replace that - "largest TTL of any RRset > in the zone" sounds odd, SOA MinTTL isn't correct either.
The 'maximum/minimum zone TTL' is defined in Section 1.2, > 2. Section 4.3.2 The text makes it sound that once the ZSK is rolled over, > everything is fine. That may not be the case as long as the RRSIGs over the > old DNSKEY RRset (the one with the compromised ZSK) are still valid. Admins > new to DNSSEC may not realize this, even though it is addressed (in some > fashion) in other sections. Maybe a statement restating that issue should > be included. > > Just really suggestions - nothing that would alter the main points in the > text. I've added one sentence with regard to your 2nd remark. Thanks! grtz Miek
signature.asc
Description: Digital signature
