On Fri, Feb 10, 2012 at 2:27 PM, Casey Deccio wrote:
> Unless future specification or implementation designated that delegation
> follow the same model as trust--that is, that a delegation only last as
> long as the parent said it did.
I hadn't previously read Paul's resimprove draft on this to
On Fri, Feb 10, 2012 at 7:37 AM, Stephane Bortzmeyer wrote:
> On Thu, Feb 09, 2012 at 12:38:42PM -0800,
> Casey Deccio wrote
> a message of 67 lines which said:
>
> > Actually, it should, in the spirit of DNSSEC.
>
> OK, so there is nothing that can be done at the registry level.
No.
> Only
>>> I recommend "activate" + "publish" at the same time.
>> I'd appreciate knowing your reasoning for preferring this
> You are going from unsigned to signed. There is no benefit in publishing,
> waiting then activating.
The IETF draft "DNSSEC Key Timing Considerations"
(http://tools.ietf.org/h
On Thu, Feb 09, 2012 at 12:38:42PM -0800,
Casey Deccio wrote
a message of 67 lines which said:
> Actually, it should, in the spirit of DNSSEC.
OK, so there is nothing that can be done at the registry level. Only
the resolver admin can use DNSSEC to solve the ghost domain problem,
by enabling
In message <92dd72be-8330-490d-8bf9-7b023fdab...@ucd.ie>, Niall O'Reilly writes
:
>
> On 10 Feb 2012, at 00:57, Mark Andrews wrote:
>
> > I recommend "activate" + "publish" at the same time.
>
> Mark,
>
> I'ld appreciate knowing your reasoning for preferring this
> approach o
On 10 Feb 2012, at 00:57, Mark Andrews wrote:
> I recommend "activate" + "publish" at the same time.
Mark,
I'ld appreciate knowing your reasoning for preferring this
approach over publication for later activation.
I suspect I might not be alone. 8-)
B
6 matches
Mail list logo
