At 14:08 -0400 5/12/09, Olafur Gudmundsson wrote:
We are trying to say that the key can be both KSK and ZSK but does not have to be.
Oh...
How about: "this DNSKEY might also be a zone signing key"?
Yeah.
Well RFC5011 requires you scan at least once a month, and recommends higher frequency, is that sufficient?
Sure.
# 4. Trust Anchor Maintenance
...
Same as above KSK and ZSK can be one key. There is no requirement that a KSK have the SEP bit set only a recommendation.
But then you should be referring to SEP and not KSK for the most part. I think.
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
