[ldns-users] how to use ldns-signzone with many KSK
Jelte Jansen
jelte at NLnetLabs.nl
Mon Apr 6 07:38:27 UTC 2009
Paul Wouters wrote:
> On Sun, 5 Apr 2009, Jelte Jansen wrote:
>
>> PS. I am aware that according to some people SEP does not equal KSK,
>> and those
>> people have pretty much convinced me that that is indeed the case
>
> Then we would need IANA to allocate another bit to denote this "non-KSK
> SEP"
> type of key, so we can distinguish between those and regular KSK's.
>
Why?
in principle, SEP should flag whether it may be configured as a trust
anchor, not what types of records are signed with it. That SEPs are
usually KSKs (and that KSKs are usually SEPs) is not really relevant
(although at this point that observation is used in signzone).
Jelte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20090406/059f0ea7/attachment.bin>
More information about the ldns-users
mailing list