3 Nov
2008
3 Nov
'08
8:11 p.m.
On 3 nov 2008, at 18.05, bmanning@vacation.karoshi.com wrote:
I think a more pragmatic reply (if the previous points are to be respected) would be something along these lines:
10. The organization that generates the root zone file must sign the file and therefore must hold the private part of the zone signing key.
or
10. The organization that generates the root zone file must have unfettered access to the zone signing key components.
I have a slight inclination towards the second.
I think the first of these is better as the word "unfettered" is not easy to understand if one is not english speaking. I for one have no idea what it means... The simpler the text, the better. Patrik