On Fri, 8 Apr 2016, Jacques Latour wrote:
two things I see;
1) the CDNSKEY, since CDS and CDSNKEY are used interchangeably in the document,
"inserts the corresponding DS RRset as
requested" does not work for the CDNSKEY, the parental agent must compute a DS and
pick an algorithm & digest type based on the
Parental Agent policy.
Agreed. We will fix it in the next version.
2) if the parental agent does not 'like' the requested CDS parameters, then the
parental agent can create a DS as per Parental
agent policy, with algorithm & digest type of choosing.
This supports parental agent that publish the DS as requested by the child, and
support parental agent that want to publish DS
conform to their policies.
If the child uses CDS, and requests a DS type, and the parent does not
like the DS type, I think the parent should refuse the update.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
