To:
Andrew Sullivan <ajs@shinkuro.com>
Cc:
ietf-provreg@cafax.se
From:
Edward Lewis <Ed.Lewis@neustar.biz>
Date:
Tue, 26 Jan 2010 15:23:15 -0500
In-Reply-To:
<20100126193151.GK93724@shinkuro.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] Revision of 4310
At 14:31 -0500 1/26/10, Andrew Sullivan wrote: >On Tue, Jan 26, 2010 at 01:56:12PM -0500, Edward Lewis wrote: >> I am not sure what active/inactive means. > >Yeah, I don't know if this is the best term. Before we go fine-tuning >the terminology, however, we prolly oughta figure out whether this is >worth doing. I think my message was unclear. I wasn't trying to fine tune the terminology. I was trying to offer possible interpretations of the words in an attempt to understand the requirement. (Note I went back to the first message in the thread.) >> 3) that the DNSKEY set in the child zone is signed/not-signed by the >> corresponding private key. > >I don't think I understand this one. Do you mean that there's no >RRSIG for that DNSKEY record? To clarify - Yes. In this instance, "in-active" would cover having a DS appear, the DNSKEY appear, but no RRSIG created by the private key. That would make the DS "in-active" in terms of building a chain of trust. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- List run by majordomo software. For (Un-)subscription and similar details send "help" to ietf-provreg-request@cafax.se