% At 14:10 2002-10-07, Bill Manning wrote:
% > some concerns:
% >
% > DS only works in snapshot code. And the publicly available
% > snapshots have known, serious operational problems. We -REALLY-
% > need more stable code before committing this to production.
%
% Bill this is version 00 of the draft, your concerns are noted but
% this particular experiment is not starting next week or next month.
% This is the documentation for the experiment and Johan is seeking feedback.
documentation for -an- experiment. an experimental setup has
existed and been running for over 2 years. Signing the root
zone in this testbed has been operational for three months,
nearly as long as there has been DS capable code. I remain
leery of experimentation with the live system.
% > the selection of RIRs. RIRs -DO- have the DNS as a primary
% > field of activity. (see in-addr.arpa.) The holders of
% > forward space (.SE, DE, NL, etc.) become disenfranchised
% > "customers".
%
% RIRs are geographically competent operators for this experiment,
% for future production Layer 9 will become involved.
"geographically competent" - now there's a turn of phrase :)
-IF- this is really an experiment, with the live system,
then bounding the experiment is prudent. I'd be -very-
leery of giving even the suggestion of "early-implementor"
bias to one vector of the possible keyholder pool.
% > "sufficient number" and "out-of-band" are concepts that
% > really need some concrete recommendations.
%
% Yes, suggestions.
More experimentation in the operational testbed may generate
some empirical numbers/processes that work. Not convinced
that running this on the live system is reasonable.
% > key duration should be better fleshed out. Experiences from
% > the existing testbed may be useful.
%
% yes, suggestions please,
% as well as key length key set size etc, etc.
More work within the existing testbed will generate such
numbers that have some grounding in experience.
% > key publication methods have been explored but do need further
% > work.
%
% agreed, this is one of the many research programs that this experiment
% will hopefully shed some light on what works and what does not.
% Issues involve:
% - DS or KEY as published record
% - where to publish
% - is there a way to auto-configure resolvers' trusted keying list
So... why are we considering experimenting with the live,
production root system at this time? IMHO, this is lunacy.
We have a working, experimental system in play where most
(all) of these issues can be tested. Folks that have
serious commercial interests in a stable system will not be
amused when we start experimenting with the systems that
they depend on.
% Olafur
--
--bill