[dns-wg] DNSSEC Policy Development Process

HI Olafje,

On 8/30/05, Olaf M. Kolkman <olaf at ripe.net> wrote:
ttp://www.ripe.net/rs/reverse/dnssec/registry-procedure.html
> >
> > "Is the signature validity period close to expiring and are the Times
> > To Live (TTLs) a reasonable fraction of the signature validity
> > period?"
<snip>
> We currently test on the TTL being at least 2 times smaller than the
> signature validity period.

ok, ta, sounds "reasonable" to me.

> 
> 
> > I'm confused about this para on same page:

> > It will use the "ds-rdata:" attribute of the domain object currently
> > available in the RIPE Whois Database to select the appropriate default
> > DNSKEY RR. It will then select a new "ds-rdata:" attribute."
> >
> > How do you use the "currently available object" to create an object if
> > this object doesn't exist until you create it?
> >
> 
> That text applies to when a key rollover is being performed. During
> the initial upload the default is
> the DNSKEY RR with the SEP flag set.

aha, sorry it wasn't clear to me at the time, it is now.

Will it be clear to non-english speakers who try to follow the
procedure?  Maybe a mention of the key rollover would generate less
confusion?

<snip>

> 
> I hope this clarifies.

yes, thnx.


-- 
Greetz,

McTim
nic-hdl:      TMCG