On 14-04-14 21:18, Warren Kumari wrote:
>> Just checking -- do you want any action *on this doc*? I *think*
>> that we are generic/non-prescriptive enough that you can
>> implement whatever policy you want...

Yes, like I said, I would like to have this line deleted in section 6:

"A parent MUST NOT perform a consistency check between CDS and CDNSKEY (other than for informational / debugging use) resource records."

That's not protocol, but prescriptive language that a parent is disallowed to have a policy to verify the records.

I also think the line just above that:

"The parent MUST choose to accept either CDS or CDNSKEY resource records (based upon local policy), and MUST NOT expect there to be both."

is mixing up 2 things:
- What the parent -accepts-
- What the parent -uses- when both are present.

I think it's perfectly fine for a parent to accept both, but it must state which it will use when it sees both in the zone to manage expectancy.

So suggested text to replace that with:

"The parent MUST choose to use either CDNSKEY or CDS resource records as their default updating mechanism. The parent MAY only accept either CDNSKEY or CDS, but it MAY also accept both, so it can use the other in the absence of the default updating mechanism, but it MUST NOT expect there to be both."
-- 
Antoin Verschuren

Technical Policy Advisor SIDN
Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands

P: +31 26 3525500  M: +31 6 23368970
Mailto: antoin.verschu...@sidn.nl
XMPP: antoin.verschu...@jabber.sidn.nl
HTTP://www.sidn.nl/

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
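
The parent-side policy discussed in the message above (a default record type, fallback to the other type when the default is absent, and a CDS/CDNSKEY consistency check as optional local policy), as an added sketch that is not part of the original message, the draft, or any registry's code. The function names, the SHA-256-only CDS assumption and the sample key are hypothetical; the DS digest and key tag follow RFC 4034.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercase) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, flags, proto, alg, pubkey):
    """DS fields (key tag, algorithm, digest type 2, SHA-256 hex) for one CDNSKEY."""
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), alg, 2, digest)

def select_update(owner, cds, cdnskey, default="CDS", check_consistency=False):
    """Return (record type the parent acts on, its records).

    cds: set of DS tuples as built by ds_from_dnskey (assumed SHA-256 only).
    cdnskey: list of (flags, protocol, algorithm, public key bytes).
    """
    # Optional local policy: when both sets are published, they must describe the same keys.
    if check_consistency and cds and cdnskey:
        if {ds_from_dnskey(owner, *k) for k in cdnskey} != set(cds):
            return ("REJECT", None)
    # Default mechanism first; the other type is used only when the default is absent.
    other = "CDNSKEY" if default == "CDS" else "CDS"
    published = {"CDS": cds, "CDNSKEY": cdnskey}
    for rrtype in (default, other):
        if published[rrtype]:
            return (rrtype, published[rrtype])
    return ("NONE", None)

if __name__ == "__main__":
    key = (257, 3, 13, bytes(range(64)))          # constructed sample key, not a real one
    ds = ds_from_dnskey("example.nl.", *key)
    print(select_update("example.nl.", {ds}, [key], check_consistency=True))
    print(select_update("example.nl.", set(), [key]))   # falls back to CDNSKEY
```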