On Tue, 25 Aug 2015, Ólafur Guðmundsson wrote:
> This is a proposed update to the CDS/CDNSKEY processing to address the omission in RFC7344. Comment please,

As you state, it was an omission on purpose. The document wanted to ensure the security state was never changed from insecure <-> secure.

I believe it is useful to specify a method for those who can or are willing to use it to do so. I fear a non-technical discussion to uhm ... flare up :)

For the technical part, if we write a document that states how to go from secure to insecure, why not just also include in that document how to go from insecure to secure? These operations are kind of orthogonal. Plus, we already implemented a prototype on how to do that, so we can just write that up (minus the TXT records alternative).

I would also add a note that if you lose the private key, this document does not help you go insecure, as an out-of-band method will have to be used to signal that.

IANA would also need to update the algo number 0 from "RESERVED" to something else - e.g. "NO DIGEST".

Paul