[dnssec-deployment] aug2004 CAM of interest?
Edward Lewis
edlewis at arin.net
Tue Aug 17 17:33:38 EDT 2004
At 17:15 -0400 8/17/04, David Blacka wrote:
>I believe the DNSSECbis documents solve this problem:
>
>>>From draft-ietf-dnsext-dnssec-protocol-07, section 2.2:
>
> There MUST be an RRSIG for each RRset using at least one DNSKEY of
> each algorithm in the zone apex DNSKEY RRset.
Oh, good, that was the needed passage. I was afraid it was shot out
(and was too lazy to look for it myself).
>> Multiple algorithms and mixing mandatory-to-implement with
>> experimental algorithms is a box owned by Pandora.
>
>Handling this looked pretty straightforward to me, but perhaps I am missing
>something.
Just old fears in me...;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
"I can't go to Miami. I'm expecting calls from telemarketers." -
Grandpa Simpson.
More information about the Dnssec-deployment
mailing list