To: DNSEXT <namedroppers@ops.ietf.org>
Cc: Mark Kosters <markk@netsol.com>, <dnssec@cafax.se>
From: Jakob Schlyter <jakob@crt.se>
Date: Fri, 29 Jun 2001 18:39:23 +0200 (MEST)
Delivery-Date: Sat Jun 30 08:11:29 2001
In-Reply-To: <200106271101.HAA25179@ietf.org>
Sender: owner-dnssec@cafax.se
Subject: Re: I-D ACTION:draft-ietf-dnsext-dnssec-opt-in-00.txt

I think the opt-in flag should be moved to a separate RR, a modified version of Ed Lewis SEC RR would probably be a good choice (although I would perhaps like to call it ZSS for Zone Security Status instead).

the opt-in flag is a per zone flag. as there could be multiple zone keys and if KEY would include this flag, all zone keys have to have the same flag (for that bit). also, as the zone keys are signed by the parent, the child can not change from/to opt-in without having the parent sign the child's key.

jakob

--
Jakob Schlyter <jakob@crt.se>
Network Analyst
Phone: +46 31 701 42 13, +46 70 595 07 94
Carlstedt Research & Technology