On Tue, Aug 25, 2015 at 11:02 PM, Shane Kerr <sh...@time-travellers.org> wrote:
> Paul,
>
> On Tue, 25 Aug 2015 18:15:02 -0400 (EDT)
> Paul Wouters <p...@nohats.ca> wrote:
>
> > On Tue, 25 Aug 2015, Ólafur Guðmundsson wrote:
> >
> > > This is a proposed update to the CDS/CDNSKEY processing to address the
> > > omission in RFC7344.
> > > Comment please,
> >
> > As you state, it was an omission on purpose. The document wanted to
> > ensure the security state was never changed from insecure <-> secure.
> > I believe it is useful to specify a method for those who can or are
> > willing to use it to do so.
>
> I agree completely.
>
> Perhaps we can add blinking red letters of warning to the draft for
> users? ;)

It should be obvious to the person reading it, but should we add a warning, in both the "Abstract" and the "Security considerations" sections, that this reduces the security of the domain? Just so no one says we did not warn them. I would at least add it to the Security section, just for completeness.

--
Bob Harold
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop