[dnssec-deployment] SEPs and TARs
Mark Andrews
Mark_Andrews at isc.org
Wed Apr 1 00:24:21 EDT 2009
I think we need to distingish between sep's published to
the parent (DS and DLV) and sep's published with the
expectation that they will be add to the semi-static
configuration of validators (e.g. ITAR).
When a zone publishes its sep's using DS or DLV it is done
in parent / child relationship (DLV is acting in a loco
parentis role) which gives one set of constraints on key
rollover.
When one publishes sep's using out-of-band techniques you
have a different set of constraints on key rollover. RFC
5011 is one example of such constraints. Others will be
published along side the DNSKEY/DS.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the Dnssec-deployment
mailing list