[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MagicType draft

[On 16 Nov, @ 15:52, Edward wrote in "Re: MagicType draft ..."]
> At 4:07 -0500 11/16/04, Miek Gieben wrote:
> >           Online Signing of Negative and Wildcard Responses
> >                   draft-gieben-bert-response-00.txt
> 
> >4.  Interaction with DNSSECbis
> >
> >   To permit this online signing method to interact with DNSSECbis we
> >   will take the high bit from the algorithm field of the DS record and
> >   use it to indicate whether the child zone is signed with DNSSECbis or
> >   this online signing method,  0 indicates DNSSECbis, 1 indicates this
> >   method.
> 
> What happens if there is a mix of DNSSECbis and "this method" keys in a DS 
> set?

I'm adding this to the "Loose Ends" section... :-)

But I guess the answer is, you mustn't do that. If we say you MUST NOT
do that, it would conflict with DNSSECbis.

This shows IMO that using the algorithms field of DS is a hack, and
maybe we should do what Roy suggested and use a new DS type for this
all together,

grtz Miek

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>