On 25-10-16 15:15, Marcos Sanz wrote:
Matthijs,

my attention has been brought to the KSK rollover double-signature style
described in 6781 and what I think is a mistake/oblivion there. Section
4.1.2 states

[...]

You are right: DS_K_2 may only be provided to the parent *after* the TTL
of DNSKEY_K_1 has passed. RFC 7583 has more accurate timings for
rollovers. The corresponding timeline is described in section 3.3.1.

thanks for the pointer. RFC 7583 does it right.

That begs for the question: how to deal with the wrong information
propagated in 6781? Submit errata? Label it "Updated by 7583"?

I think an errata is appropriate.

Best regards,
  Matthijs



Best,
Marcos

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

