comments on ds-13

Paul Vixie <paul@vix.com> Tue, 11 March 2003 18:04 UTC

From: Paul Vixie <paul@vix.com>
To: namedroppers@ops.ietf.org
Subject: comments on ds-13
Date: Tue, 11 Mar 2003 17:57:46 +0000
Message-Id: <20030311175746.C0D55379E40@as.vix.com>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

olafur, you wrote (in draft-ietf-dnsext-delegation-signer-13.txt),

>> DS RRsets MUST NOT appear at non-delegation points or at a zone's apex.

why not?  i think you can say they are irrelevant elsewhere, but i don't
think there's a way to show that they are in any way harmful elsewhere.

as a simple document quality issue, there is no way to enforce this
requirement and no reliable way to even know when it has been violated.
so at best it would be a SHOULD not a MUST.

however, even as a SHOULD, it overreaches.  the proper attitude of a
document toward its protocol is to specify things which, if left
unspecified, will lead to loss of interoperability or functionality.
there is no such argument to be made for restricting the placement of
DS RRs (or for restricting the use of KEYs for that matter.)

paul

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

comments on ds-13 Paul Vixie