[DNSOP] minor surgery on dnsop-dnssec-key-timing-01

Mon, 08 Nov 2010 09:47:07 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi dnsop,

Since major adaptations is out of the question for
draft-iet-dnsop-dnssec-key-timing-01, here follows a minor surgery.

Why take into account Ingc, the negative cache interval?
- -----------------------------------------------------------------------
In section 3.2.1 Pre-Publication Method, page 11, Event 3, Ipub is
defined in the case of the first key in the zone as:

        Ipub = Dprp + Ingc

There is no need for the Ipub delay for the first key. You can start
signing the zone with the ZSK as long as the trust anchor for the zone
is not available to validators. So, I would say Ipub equals 0 in case of
the first key.

Similar, in section 3.3.1 Double-Signature Method, page 19, Event 6, the
interval there takes into account the absense of the DS RRset. Here too,
the delay can be 0.


TTLsig should be max(TTL)
- -----------------------------------------------------------------------
On page 12, Iret (the retire interval) is defined as:

        Iret = Dsgn + Dprp + TTLsig

TTLsig should be max(TTLsig). And this is equal to max(TTL) of all
records in the zone. Also note that is about the TTL of the previous
version of the zone. Same for the referene to TTLsig on page 14, 15 (two
times),


Typo (had -> hand)
- -----------------------------------------------------------------------
In section 3.3.4.1 Addition of KSK, page 25:

        ... where the right had side

should be

        ... where the right hand side


Best regards,

Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJM2CrYAAoJEA8yVCPsQCW5XIkIALElK/JOOmW78M2Kd8vgFjTU
kKugzGeoI1I53hPLSvsBr/nVilHw12WI9W5SyXwTVLAUENaVMccv++AQGRR0gL64
+IcAuBsQX0EXtQv8qcPFId6Fs9byh/RD7+EkiC39AdmZQJSMvZX0k1O/RMaAKXLL
iyvq7rL8PsRAR6Vq0Fym5vwCxawEXon/F5GDyv0wGKjsVtzP6MmKYMRO195bhoLK
G3Il+lg2Vr01R8xrtlB9I0VY0+Aqy50inibXHs0WuUY+xsMhSNUY2N3i13kEj2kV
itymjnPrYLAi7WKvQ2c/sCDK43V7/7YWpAUod9vIcfwmjTpGi6Q39mr6BzwLNsc=
=cMlO
-----END PGP SIGNATURE-----
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to