On Mon, Oct 30, 2017 at 7:29 PM, <internet-dra...@ietf.org> wrote:

> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : BULK DNS Resource Records
>         Authors         : John Woodworth
>                           Dean Ballew
>                           Shashwath Bindinganaveli Raghavan
>                           David C Lawrence
>         Filename        : draft-woodworth-bulk-rr-07.txt
>         Pages           : 16
>         Date            : 2017-10-30
>
> Abstract:
>    The BULK DNS resource record type defines a method of pattern-based
>    creation of DNS resource records based on numeric substrings of query
>    names.  The intent of BULK is to simplify generic assignments in a
>    memory-efficient way that can be easily shared between the primary
>    and secondary nameservers for a zone.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-woodworth-bulk-rr/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-woodworth-bulk-rr-07
> https://datatracker.ietf.org/doc/html/draft-woodworth-bulk-rr-07
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-woodworth-bulk-rr-07
>

I don't understand this section:

5.1.1.  On-the-fly Signatures
...
   One possible mitigation for addressing the risk of keeping the zone
   signing key online would be to continue to keep the key for signing
   positive answers offline and introduce a second key for online
   signing of negative answers.

Since every positive answer would be different, they would need a
different signature, which would need to be generated online.
Or do I not understand something?
(Is this part of the NPN solution that was deleted?)

--
Bob Harold

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop