Re: [dns-wg] DNSSEC Policy Development Process
To: Jim Reid <>
From: McTim <>
Date: Sat, 27 Aug 2005 09:35:42 +0300

Hi Jim,

If I may bring this thread back on track.

I don't know why the WG is asked to comment on procedure as well as
policy, but here goes:

What does "reasonable" mean in the below sentence on:
http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html

"Is the signature validity period close to expiring and are the Times
To Live (TTLs) a reasonable fraction of the signature validity
period?"

I'm confused about this para on same page:

"Web Interface Restrictions
We will develop a web interface to make it easy to create domain
objects with the appropriate "ds-rdata:" attributes. It will have some
operational restrictions
It will use the SEP flag to select the keys for which DSRRs are needed.
It will use the "ds-rdata:" attribute of the domain object currently
available in the RIPE Whois Database to select the appropriate default
DNSKEY RR. It will then select a new "ds-rdata:" attribute."

How do you use the "currently available object" to create an object if
this object doesn't exist until you create it?

I am clearly missing smt, but it escapes me at the moment.

I support Jim's suggestion in re: generic replacement of "DLV" mention.

The rest looks fine to me,

--
Cheers,
McTim
nic-hdl: TMCG