Hi Here are two comments from me on this draft:
1. Introduction (2nd paragraph) "The rolling of the keys with the SEP bit on is one of the few tasks in DNSSEC that yet has to be fully automated." Rolling of a key is not the problem. It is the synchronization between the child and parent that needs to be fully automated. So just a re-write of this sentence is needed. And remember that we are not limited to SEP bit keys. 2. Access and Update Control (1st paragraph) The draft says that the child MUST NOT be able to update the data that the parent is authoritative for. But the parent is authoritative for the DS RRset, right? You later do specify what the child should be able to update, which includes the DS RRset. So there is a conflict between these parts. The first part only needs to be clarified. // RIckard _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
