On Feb 8, 2016, at 17:05, Linus Nordberg <linus at nordu.net> wrote: Hi, I'm ready to start testing some code. In order to save some time, I'm asking the list for test data. I suggest that we define "Inputs" for our newly invented "add-ds-rr" HTTP entry-point (similar to RFC6962 section 4.1) like this: chain: An array of base64-encoded RRsets in DNS wire format. The first element is a single DS RR to be added to the log. The next element is an RRSIG RR for the DS RR. After that follows all the RRsets necessary to validate the DS RR up to a known root. The RR types allowed are DNSKEY, RRSIG and DS. Now please tell me where this will fail. :) Or provide me with a chain like described above for a DS record of your choice that's valid using the DNSSEC root as a known root. Thanks, Linus _______________________________________________ DNSSEC-Transparency mailing list DNSSEC-Transparency at lists.sunet.se https://lists.sunet.se/listinfo/dnssec-transparency