[Dnssec-deployment] DS digest types 1 vs 2
Andrew Sullivan
ajs at shinkuro.com
Thu Jul 29 03:59:46 EDT 2010
On Wed, Jul 28, 2010 at 10:35:06PM +0100, Chris Thompson wrote:
> There is a meta-question here: is it the policy for the parent zone
> or that for the child zone that determines this? My own feeling is
> that the first is preferable
Me too. The DS is authoritative data in the parent and not in the
child. Therefore, IMO, it's parent policy that ought to determine
these things. That said, one parent policy could be, "We base our DS
algorithm selection on what the child tells us, because we want to
have a consistent approach across the zone cut."
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the Dnssec-deployment
mailing list