On 07/24/2012 03:59 PM, Paul Wouters wrote:
> On Tue, 24 Jul 2012, Matthijs Mekking wrote:
>
>> But both descriptions may be valid at the same point in time. So
>> I would like to say the key can be Published and Active at the
>> same time.
>
>> 2. A key can have more than one state at a time.
>
> I would not be in favour of using "states" where there is no clear
> distinction between the key states. Looking at implementors of key
> management software using state machines, we really should help
> them by using solid state definitions that do not overlap.

The whole idea of the proposed suggestion is to make the distinction in key states more clear. The reason for the overlap to occur is that key *components* have a state and these states use a solid definition. Published says something about the DNSKEY record. Active says something about the RRSIG records.

>
> So "Published" would need to include "not used for signing" so it
> can never overlap with "Active".

But there are (obvious) situations that a Published key is used for signing, e.g. the key is Active. That doesn't matter, as long as the states for one key component do not overlap.

Matthijs

>
> Paul
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop