Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Edward Lewis
On Apr 20, 2013, at 13:40, Paul Wouters wrote: Now I'm confused about what you would like to see. You wrote: My response is that the CDS should not automatically cause a change to the DS, just marshal the data. I am pushing to rely on a second factor (the security over the cc channel

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Chris Thompson
On Apr 22 2013, Edward Lewis wrote: We really do need to drop the KSK and ZSK terminology because there are Common Signing Keys coming back in vogue. The factor is whether a key is a SEP or not. Recall that in the validation and signing engines, the SEP bit is not significant, it is there for

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Edward Lewis
On Apr 22, 2013, at 13:50, Chris Thompson wrote: On Apr 22 2013, Edward Lewis wrote: We really do need to drop the KSK and ZSK terminology because there are Common Signing Keys coming back in vogue. The factor is whether a key is a SEP or not. Recall that in the validation and signing

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Wes Hardaker
Edward Lewis ed.le...@neustar.biz writes: My response is that the CDS should not automatically cause a change to the DS, just marshal the data. I am pushing to rely on a second factor (the security over the cc channel to the parent) to verify the request. Nothing is preventing that from

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Wes Hardaker
Edward Lewis ed.le...@neustar.biz writes: I am unconvinced that the special signing rules mentioned in the draft are warranted, and that is one of the main reasons I am not a supporter of the draft. I have a fundamental objection to that specific provision. Yes, even understanding the rationale

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Wes Hardaker
Wes Hardaker wjh...@hardakers.net writes: For what it's worth: I'm sort of on the fence when it comes to needing to sign with the KSK. There are so very very few key-split owners out there that it's not a huge market for them, and I doubt any of them will want to do CDS anyway to their

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Joe Abley
On 2013-04-22, at 17:17, Wes Hardaker wjh...@hardakers.net wrote: Wes Hardaker wjh...@hardakers.net writes: For what it's worth: I'm sort of on the fence when it comes to needing to sign with the KSK. There are so very very few key-split owners out there that it's not a huge market for

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Doug Barton
On 04/22/2013 02:19 PM, Joe Abley wrote: On 2013-04-22, at 17:17, Wes Hardaker wjh...@hardakers.net wrote: Wes Hardaker wjh...@hardakers.net writes: For what it's worth: I'm sort of on the fence when it comes to needing to sign with the KSK. There are so very very few key-split owners out

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Warren Kumari
On Apr 22, 2013, at 5:41 PM, Doug Barton do...@dougbarton.us wrote: On 04/22/2013 02:19 PM, Joe Abley wrote: On 2013-04-22, at 17:17, Wes Hardaker wjh...@hardakers.net wrote: Wes Hardaker wjh...@hardakers.net writes: For what it's worth: I'm sort of on the fence when it comes to

Re: [DNSOP] Thoughts on CDS

2013-04-22 Thread Paul Wouters
On Mon, 22 Apr 2013, Warren Kumari wrote: Um, I'm probably missing something obvious here, but you cannot use CDS to enroll in DNSSEC. This means that you'll have to use the original out-of-band system -- what if we extend Wes's radio buttons to include ZSK / KSK[0]? Update the DS record