On 2/16/13 7:43 PM, "Paul Hoffman" <paul.hoff...@vpnc.org> wrote:


>Ted's misunderstanding of what you are proposing is a valid one. You
>don't actually say what a negative trust anchor is, and what it is a
>trust anchor for, until section 7. Readers such as Ted (and myself!) will
>have strong prejudices by then.

Yeah, I can see why you would say that! I will move Section 7 up in the
doc so that I define an NTA at the top.

>I would want to see something in the Introduction saying something like:
>
>This document discusses trust anchors for DNSSEC. A "negative trust
>anchor" is equivalent to a "regular" DNSSEC trust anchor for a particular
>instance of a recursive validating resolver. A negative trust anchor is
>quite different from regular DNSSEC trust anchors in that they are local,
>temporary, and definitely not distributed by IANA. They are trust anchors
>only for DNSSEC, not for PKIX.

Great feedback! Adding text to the abstract and introduction, and I used
much of the text above with a few tweaks (so advise if I've gotten it
wrong once you see it in -04).

Thanks!
Jason

>
>That should help set the tone for the following sections that say how to
>use them, and then the much later sections on what they actually are.
>
>--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
