Re: Keeping the KEY and SIG typecodes active

"Scott Rose" <scottr@nist.gov> Wed, 18 June 2003 12:49 UTC

From: Scott Rose <scottr@nist.gov>
Subject: Re: Keeping the KEY and SIG typecodes active
Date: Wed, 18 Jun 2003 08:49:28 -0400
Lines: 37
Sender: owner-namedroppers@ops.ietf.org
References: <Pine.GSO.4.33.0306171825330.11723-100000@raven>
Cc: namedroppers@ops.ietf.org
To: Sam Weiler <weiler@tislabs.com>
Message-ID: <20140418071731.2560.15547.ARCHIVE@ietfa.amsl.com>

As long as the KEY RR does not have the zone key flag bit set, it should be
alright.  However, the KEY will be signed by an RRSIG in the zone, which
would cause old (RFC2535) validators to consider it unsigned.

As for SIG(0) clients, if they don't now, that doesn't mean they won't
later, especially since that was the idea of SIG(0).

Scott
----- Original Message ----- 
From: "Sam Weiler" <weiler@tislabs.com>
To: "Scott Rose" <scottr@nist.gov>
Cc: <namedroppers@ops.ietf.org>
Sent: Tuesday, June 17, 2003 6:32 PM
Subject: Re: Keeping the KEY and SIG typecodes active


> > Topic: Keeping the KEY (typecode 24) and SIG (25) for transaction
> > authentication only.
>
> draft-ietf-dnsext-dnssec-2535typecode-change-02.txt (which finally
> cleared the i-d editor queue late this afternoon after being sent in
> on Thursday morning) keeps SIG for SIG(0), but still deprecates KEY.
> I'd appreciate it if folks would review the new sections of the draft
> -- there's a change list at the top of the document.
>
> Keeping KEY worries me a bit more, since it will appear in-zone and
> some 2535-aware things pay attention to it.  Must we really keep it?
> Do any of the SIG(0) _clients_ actually look at KEYs?
>
> -- Sam


archive: <http://ops.ietf.org/lists/namedroppers/>
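
Added example, not part of the original messages or of any DNS implementation: a Python audit for the condition discussed above, reporting which KEY RRs in a zone carry the zone key flag and would therefore be noticed by RFC 2535-aware software. The flag layout is taken from RFC 2535 rather than from the thread; the zone lines, owner names and key bytes are constructed, and `parse_key`, `classify` and `audit` are hypothetical helper names.

```python
import base64

# KEY flags field is 16 bits, bit 0 = most significant (RFC 2535 numbering).
ZONE_KEY = 0x0100  # bit 7 set, bit 6 clear: NAMTYP 01, "zone key"
NAMTYP = 0x0300    # bits 6-7: 00 user, 01 zone, 10 non-zone entity, 11 reserved
NO_KEY = 0xC000    # bits 0-1 both set: record carries no key material

# Constructed sample zone lines (made-up names and key bytes).
SAMPLE = """\
example.        3600 IN KEY 256 3 5 AQIDBAUG
host.example.   3600 IN KEY 512 3 5 AQIDBAUG
user.example.   3600 IN KEY 0 3 5 AQIDBAUG
nokey.example.  3600 IN KEY 49152 3 0
www.example.    3600 IN A 192.0.2.1
"""

def parse_key(line):
    """Return (owner, flags, protocol, algorithm, key) or None if not a KEY RR."""
    tok = line.split(";", 1)[0].split()      # drop trailing comment, tokenize
    if "KEY" not in tok[1:]:                  # tok[0] is the owner name
        return None
    i = tok.index("KEY", 1)
    if len(tok) < i + 4:
        raise ValueError("truncated KEY RDATA: " + line)
    flags, proto, alg = (int(t) for t in tok[i + 1:i + 4])
    if not 0 <= flags <= 0xFFFF:
        raise ValueError("flags out of range: " + line)
    key = base64.b64decode("".join(tok[i + 4:]), validate=True)
    return tok[0], flags, proto, alg, key

def classify(flags):
    """Classify a KEY RR the way an RFC 2535 reader of the flags would."""
    if flags & NO_KEY == NO_KEY:
        return "no-key"
    if flags & NAMTYP == ZONE_KEY:
        return "zone-key"
    return "non-zone"

def audit(zone_text):
    """Map each KEY owner name to its classification."""
    findings = {}
    for line in zone_text.splitlines():
        rec = parse_key(line)
        if rec is not None:
            findings[rec[0]] = classify(rec[1])
    return findings

if __name__ == "__main__":
    for owner, kind in audit(SAMPLE).items():
        print(owner, kind)
```

Only records reported as `zone-key` fail the condition in Scott's first paragraph; the others are candidates for SIG(0)-style use.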