[Opendnssec-develop] KSK vs ZSK

Roy Arends roy at nominet.org.uk
Fri Mar 6 09:55:20 UTC 2009

Roy Arends wrote on 03/06/2009 10:38:50 AM:

> Rick van Rein <rick at openfortress.nl> wrote on 03/06/2009 10:15:52 AM:
> > Hi,
> > 
> > > Rick, that does not look less complex to me.
> > 
> > It isn't.  All I propose is to put the knowledge into the XML 
> > where I think it should go once you accept XML.  If we need to 
> > names like "ANY" we're bypassing XML as a modelling language.
> > 
> > Orthogonality is a tool to get the structure clearer, not simpler.
> > 
> > If there are exceptions, I'd rather see them out in the open instead
> > of concealing them in a "you know what I mean" term.  That is why I
> > think that a non-lingual interpretetation of a word like "ANY", 
> > or "ALL" can cause confision.  I'm not surprised that we're now 
> > these terms -- it is a sign that they are open for interpretation, and
> > thus, of misinterpretation.
> Rick, this is not really about terminology. We should pick the least
> confusing term, whatever that may be. 
> You're approaching this from a completely different angle. (no value
> statement, just an observation). 
> Yours is: explicitly state what a key can be used for, and can not 
> be used for. This is needed when there are overlapping realms, like ALL. 

> Ours is: explicitly state what a key can be used for. The rest 
> defaults to 'ANY' or 'default' or whatever term we coin for it. 
> Note that this is not about orthogonality, but design principle. 
> Like I said, the analogy here is the switch/case statement. 

Rick, let me try to be more clear before things spiral in an undesired 

I am not against orthogonality. not at all. 

My point is that we could have a value that we assign to a key to signify 
that it needs to be used when there are no other keys available. Assume 
that key gets the value XXX.

Your point is, to satisfy orthogonality, is that XXX signs everything. If 
types need to be excluded, exclude it explicitly. I'm fine with that. My 
intention was to make the exclusion implicit (hence I was looking to avoid 
the term ALL, and used ANY or DEFAULT). You seem opposed to that.

hope this helps


Roy Arends
Sr. Researcher
Nominet UK

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090306/8e1f7cf3/attachment.htm>

More information about the Opendnssec-develop mailing list