At 8:45 +1100 12/23/02, Mark.Andrews@isc.org wrote:
There is no benefit in a KSK if a KSK signs the entire zone.
The topic here isn't a "KSK" but a "bit to indicate that this is
intended to be a key-signing key."
I've not been persuaded to make a formal distinction between a ZSK
and KSK within the protocol. I have been persuaded to indicate the
intent of the key manager to use a key as "one that is to be
referenced by a DS RR."
From discussions held over the past year, the sentiment has been that
this bit is intended to help applications differentiate on key
management and to help the manual process of key management. The bit
is not intended as a in-protocol policy tool. I.e., as far as the
in-band protocol is concerned, the distinction between KSK and ZSK is
not made.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>