On 2012-07-24, at 12:25, Edward Lewis wrote: > At 17:05 -0400 7/14/12, Joe Abley wrote: > >> Any new work which needed to assert that both sets were the same would >> meet with little objection though, I think. > > I disagree. > > I would object to any strengthening of what is said in STD 13. > > Yes, the two sets are designed to be the same. But if they had to > always be the same, it would bi impossible to add or delete NS > records.
In this context, "the same" refers to the steady state: i.e. a mechanism which standardised the promotion of an updated, signed apex NS set to form a replacement delegation set in the parent would be one that enforced that steady-state similarity. This is in contrast to a conscious operational decision to keep the delegation and apex NS sets different in the steady state (which at least a couple of us have observed). My point was that prevalent deployment of such mechanisms which prevented (or made difficult to maintain) such conscious dissonance would likely meet with little objection. Joe
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
