Miek Gieben wrote:
>
> > There is a simpler procedure for change of operator, which only requires
> > operators to be able to import extra DNSKEY RRs - the same for both the
> > old and the new operator. It does not require cross-signing as described
> > in rfc4641bis, and it does not require eith
[ Quoting in "[DNSOP] Error in rfc4641bis - chang..." ]
> This is horrifically late, I'm afraid - dunno if it's too late to fix it
> before publication...
This is indeed pretty late in the game...
> There is a problem in the procedure described in section 4.3.5.1. In the
> pre-publication phase
This is horrifically late, I'm afraid - dunno if it's too late to fix it
before publication...
There is a problem in the procedure described in section 4.3.5.1. In the
pre-publication phase the following things happen:
The new operator sets up a copy of the zone signed with new keys, with an
NS R
