[dnssec-deployment] aug2004 CAM of interest?
edlewis at arin.net
Tue Aug 17 17:33:38 EDT 2004
At 17:15 -0400 8/17/04, David Blacka wrote:
>I believe the DNSSECbis documents solve this problem:
>>>From draft-ietf-dnsext-dnssec-protocol-07, section 2.2:
> There MUST be an RRSIG for each RRset using at least one DNSKEY of
> each algorithm in the zone apex DNSKEY RRset.
Oh, good, that was the needed passage. I was afraid it was shot out
(and was too lazy to look for it myself).
>> Multiple algorithms and mixing mandatory-to-implement with
>> experimental algorithms is a box owned by Pandora.
>Handling this looked pretty straightforward to me, but perhaps I am missing
Just old fears in me...;)
Edward Lewis +1-703-227-9854
ARIN Research Engineer
"I can't go to Miami. I'm expecting calls from telemarketers." -
More information about the Dnssec-deployment