This looks greatly improved from the -03 that started the WG Last Call. It 
clears almost all of my concerns, particularly about the overly-loose language.

There is still one assumption being made of the reader that I think can cleanly 
be cleared up. The first paragraph of the introduction says:

   When a DNS operator first signs their zone, they need to communicate
   their DS record(s) (or DNSKEY(s)) to their parent through some out-
   of-band method to complete the chain of trust.

I think the concept of what is being told to the parent would be much clearer 
as:

   When a DNS operator first signs their zone, they need to communicate their
   keying material to their parent through some out-of-band method to complete
   the chain of trust. Depending on the desires of the parent, the child might
   send their DNSKEY record, a DS record, or both.

--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
