On Jul 28, 2011, at 1:29 PM, Matthijs Mekking wrote: >>> My understanding of this paragraph is that there MUST be an RRSIG for >>> each RRset using at least one key of each algorithm in the DNSKEY RRset. >>> So that includes the DNSKEY RRset itself. *In addition*, the DNSKEY RRset >>> MUST be signed with the algorithms appearing in the DS RRset. >> >> Ok, so the snippet from 4035 alone appears to be ambigous to me. Is >> this clarified somewhere? > > Perhaps draft-ietf-dnsext-dnssec-bis-updates can add that clarification, if > appropriate.
If this is actually desired, then it would be *very* helpful to send text to the editors. Or at the very least, make an explicit request to the editors. We are having a hard time tracking things that people might want in dnssec-bis-updates. -- David Blacka <dav...@verisign.com> Principal Engineer Verisign Infrastructure Engineering _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
