On Tuesday, April 15, 2014, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> This looks greatly improved from the -03 that started the WG Last Call. It > clears almost all of my concerns, particularly about the overly-loose > language. > > There is still one assumption being made of the reader that I think can > cleanly be cleared up. The first paragraph of the introduction says: > > When a DNS operator first signs their zone, they need to communicate > their DS record(s) (or DNSKEY(s)) to their parent through some out- > of-band method to complete the chain of trust. > > I think the concept of what is being told to the parent would be much > clearer as: > > When a DNS operator first signs their zone, they need to communicate > their > keying material to their parent through some out-of-band method to > complete > the chain of trust. Depending on the desires of the parent, the child > might > send their DNSKEY record, a DS record, or both. Looks good, thank you for the text, I'll integrate it tomorrow. W > > --Paul Hoffman > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org <javascript:;> > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
