Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-01.txt

2016-10-25 Thread Jiankang Yao
From: Bob Harold Date: 2016-10-25 00:25 To: Jiankang Yao; IETF DNSOP WG Subject: Re: [DNSOP] Fw: New Version Notification for draft-yao-dnsop-accompanying-questions-01.txt > I like the concept. > thanks. > The AQ bit and count are probably unnecessary, the option length will > determine

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread tjw ietf
I agree with Matthijs. Looking at 6781 that makes the most sense. tim On Tue, Oct 25, 2016 at 8:17 AM, Matthijs Mekking wrote: > > > On 25-10-16 15:15, Marcos Sanz wrote: > >> Matthijs, >> >> my attention has been brought to the KSK rollover double-signature >>>

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread Matthijs Mekking
On 25-10-16 15:15, Marcos Sanz wrote: Matthijs, my attention has been brought to the KSK rollover double-signature style described in 6781 and what I think is a mistake/oblivion there. Section 4.1.2 states [...] You are right: DS_K_2 may only be provided to the parent *after* the TTL

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread Marcos Sanz
Matthijs, > > my attention has been brought to the KSK rollover double-signature style > > described in 6781 and what I think is a mistake/oblivion there. Section > > 4.1.2 states [...] > You are right: DS_K_2 may only be provided to the parent *after* the TTL > of DNSKEY_K_1 has passed.

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread Marcos Sanz
Hi Marc, > For .nl we have rolled the KSK conform the double KSK method as described in RFC7583. We didn't notice a mistake or oblivion there :-0 please consider that my comment applied only to RFC 6781. Best, Marcos ___ DNSOP mailing list

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread Marc Groeneweg
Hi Marcos, For .nl we have rolled the KSK conform the double KSK method as described in RFC7583. We didn't notice a mistake or oblivion there :-0 Grtz, Marc -Original Message- From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Matthijs Mekking Sent: dinsdag 25 oktober 2016 12:35

Re: [DNSOP] RFC 6781 and double signature KSK rollover

2016-10-25 Thread Matthijs Mekking
Hi Marco, On 24-10-16 17:47, Marcos Sanz wrote: Hi all, my attention has been brought to the KSK rollover double-signature style described in 6781 and what I think is a mistake/oblivion there. Section 4.1.2 states initial: Initial version of the zone. The parental DS points to