On 26 Apr 2018, at 7:15, Matthew Pounsett wrote:

I've found some confusing text in the KSK Rollover section of RFC 6781, and
I'm trying to decide whether to submit it as errata.

In section 4.1.2, which describes the various steps in a KSK rollover, the
following text is meant to describe the last three steps:

   new DNSKEY:  During the "new DNSKEY" phase, the zone administrator
      generates a second KSK, DNSKEY_K_2.  The key is provided to the
      parent, and the child will have to wait until a new DS RR has been
      generated that points to DNSKEY_K_2.  After that DS RR has been
      published on all servers authoritative for the parent's zone, the
      zone administrator has to wait at least TTL_DS to make sure that
      the old DS RR has expired from caches.

   DS change:  The parent replaces DS_K_1 with DS_K_2.

   DNSKEY removal:  DNSKEY_K_1 has been removed.


The text for the "new DNSKEY" step seems to contain text that belongs in
the other two. Even though rearranging it wouldn't change the meaning, it's
not clear to me that this qualifies as simple errata. It's obviously
too big a change to just be fixing a typo.

Thoughts on whether I should submit it?

Or maybe we just put it on the pile of things that have come up recently
that speak to a 6781-bis document.

An errata for that would be fine; such a report will probably get put into the "Hold for Update" state, but at least it is publicly marked.

--Paul Hoffman

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop