On Tue, Apr 15, 2014 at 4:23 AM, Antoin Verschuren <antoin.verschu...@sidn.nl> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > op 14-04-14 21:18, Warren Kumari schreef: > >>> Just checking -- do you want any action *on this doc*? I *think* >>> that we are generic/non-prescriptive enough that you can >>> implement whatever policy you want... > > Yes, like I said, I would like to have this line deleted in section 6: > > "A parent MUST NOT perform a consistency check between CDS and > CDNSKEY (other than for informational / debugging use) resource > records." > > That's not protocol, but prescriptive language that a parent is > disallowed to have a policy to verify the records.
Ah. Sorry, was not intentionally ignoring you, I just missed where you were meaning... > > I also think the line just above that: > > "The parent MUST choose to accept either CDS or CDNSKEY resource > records (based upon local policy), and MUST NOT expect there to be > both." > > is mixing up 2 things: > - -What the parent -accepts- > - -What the parent -uses- when both are present. > > I think it's perfectly fine for a parent to accept both, but it must > state which it will use when it sees both in the zone to manage > expectancy. > > So suggested text to replace that with: > > "The parent MUST choose to use either CDNSKEY or CDS resource records > as their default updating mechanism. > The parent MAY only accept either CDNSKEY or CDS, but it MAY also > accept both, so it can use the other in the absence of the default > updating mechanism, but it MUST NOT expect there to be both." DONE! Nice, thanks for the text... W > > - -- > Antoin Verschuren > > Technical Policy Advisor SIDN > Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands > > P: +31 26 3525500 M: +31 6 23368970 > Mailto: antoin.verschu...@sidn.nl > XMPP: antoin.verschu...@jabber.sidn.nl > HTTP://www.sidn.nl/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > > iQEcBAEBAgAGBQJTTOyRAAoJEDqHrM883Agn5JYH+gIEg2aLAcaDTvJfa5I23vAY > rGyiBmT0oL9AmihDC1nNnFMascqev70Uu3txc1bKYOnhrLFCzqUwudcEnu4l1ha8 > JdQv8GfotXdwRHCuYxxEtn22J8XOtH+bCSVfvZlirJtCW3jCLQqNq3rZHOd1xGs6 > anocAxV5Sm6+btkrmxXCIMktt92uG4FXEGVgSaPxUO57K6+j5hVxS71VpGid2r77 > iqx3f0xl9p6AjKwJz2c0la1CuE/+mG0/8uH6m/rSQXfB/nYDzDPa9IO74baEjRkO > 5WOxVJ7WBiFfpGX6UNdN9ui+dixHqn0ugkOAWz89Pu0k7fbaEzI1Z4nME0dBhvU= > =H1BY > -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
