Re: [DNSOP] Last Call: <draft-ietf-dnsop-child-syncronization-02.txt> (Child To Parent Synchronization in DNS) to Proposed Standard

Wes Hardaker <wjhns1@hardakers.net> Tue, 19 August 2014 15:17 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/B-wZ_cI01XZaa48Uk3gYVBmu5Zc

George Michaelson <ggm@algebras.org> writes:

> are you saying you want one document? they appear to do slightly different things. One signals DS/DNSKEY update and nothing
> else. The other has a flagword capable notation and signals intent about immediacy or SOA timed change, in and out of
> bailiwick, and the NS list.
>
> I could imagine a net win by the authors banging this into one
> document. YMMV

This was heavily discussed in the WG meetings.  The authors actually
don't want them to be merged (and this was the result of the long WG
consensus too).  One deals with the security implications of the
security specific bootstrapping records (the DNSKEY and DS record), and
the other *requires* the use of that record to be already operationally
complete.  The delegation-trust-maintainance document also requires a
different security evaluation when performing the record authorization.
I.E., the CDS record must be signed by the SEP key (KSK), not just
any-old non-SEP key (a ZSK).  The child-synchronization draft doesn't
require this to be true.

So though it *looks* like the problems are similar, there are a bunch of
underpinnings that make them rather different.  Hence the reason we
don't think it's wise to merge them, as it'll actually make it
problematic from a writing and reading perspective: processing of the
records is quite different (and needs to be).

-- 
Wes Hardaker
Parsons
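
The key-role distinction described in the message above, as an added example that is not part of the original message and not text from either draft: a parent-side check that accepts a CDS RRset only when a SEP-flagged key (KSK) is among its signers, while CSYNC is accepted with any zone key. The function names and sample keys are hypothetical, and the RRSIGs are assumed to have been cryptographically validated already.

```python
import struct

ZONE_KEY = 0x0100  # DNSKEY flags bit 7 (RFC 4034): key may sign zone data
SEP = 0x0001       # DNSKEY flags bit 15: Secure Entry Point, i.e. a KSK

def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """Wire-format DNSKEY RDATA: flags, protocol, algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def signer_flags(dnskey_rrset, rrsig_signers):
    """Flags of every zone key in the DNSKEY RRset named by a signature."""
    found = []
    for algorithm, tag in rrsig_signers:
        for rdata in dnskey_rrset:
            flags, _protocol, key_alg = struct.unpack("!HBB", rdata[:4])
            if key_alg == algorithm and key_tag(rdata) == tag and flags & ZONE_KEY:
                found.append(flags)
    return found

def parent_accepts(rrtype, dnskey_rrset, rrsig_signers):
    """Key-role check only; signatures are assumed already validated."""
    flags = signer_flags(dnskey_rrset, rrsig_signers)
    if rrtype == "CDS":      # needs a SEP key (KSK) among the signers
        return any(f & SEP for f in flags)
    if rrtype == "CSYNC":    # any zone key in the DNSKEY RRset is enough
        return bool(flags)
    raise ValueError(f"unsupported type: {rrtype}")

# Constructed sample keys (not real key material), algorithm 8 (RSASHA256).
KSK = dnskey_rdata(257, 8, bytes(range(32)))
ZSK = dnskey_rdata(256, 8, bytes(range(32, 64)))
KEYS = [KSK, ZSK]
BY_ZSK = [(8, key_tag(ZSK))]
BY_KSK = [(8, key_tag(KSK))]

if __name__ == "__main__":
    for rrtype in ("CDS", "CSYNC"):
        print(rrtype, "signed by ZSK only:", parent_accepts(rrtype, KEYS, BY_ZSK))
        print(rrtype, "signed by KSK:", parent_accepts(rrtype, KEYS, BY_KSK))
```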