For BIND is is essentially useless as we use DNSKEYs as our trust anchors. You can go from a DNSKEY to a DS record. You can't go from a DS record to a DNSKEY, you can only select from a set of DNSKEYs the one or more (not that I expect that to ever happen) that matches a DS.
If you are going to publish trust anchors they should be easy to use. No one types in DS or DNSKEY records so data length really shouldn't be a consideration. They are all entered using cut-and-paste. There is no reason to only publish DS records. Mark In message <70fa923d-c067-492e-a1ea-7b88754c2...@gmail.com>, Suzanne Woolf writ es: > All, > > First, thanks to the engaging on this. > > On Oct 5, 2015, at 5:20 PM, "Joe Abley" <jab...@hopcount.ca> wrote: > > > > Perhaps it's time to sit back and wait for others here to express an opinio > n. > > I'd like to hear opinions from others in the WG with an operational interest > in the DNSSEC root trust anchor. > > Does this document meet a need you have? If so, how well does it meet the nee > d, and what would it take (if anything) for the document to meet that need mo > re effectively? > > I'm trying not to put the mechanics (whether/how/by whom published) ahead of > the actual purpose of publishing. > > > thanks, > Suzanne > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
