At 14:38 +0100 5/19/09, John Dickinson wrote:

This was kind of my idea - so maybe I can explain my thinking a bit. I
am wondering if this document should restrict itself purely to considering
keys and say nothing about what is signed by those keys. Therefore, it
would not use the KSK and ZSK terminology.

You may be right about avoiding the KSK/ZSK terminology when thinking about architectural correctness, but for the sake of operators and policy makers there should be some written material "mapping" KSK/ZSK into the terminology of the document. We'll need some reference material that glues this document into the language we use. Otherwise we will end up with a cogent but misunderstood document that will be ignored by the folks that need it the most.

Right or not, in operations, KSK/ZSK has become an essential concept. (Perhaps because it was workshop "ops" experience that gave rise to the terms.) If we have to go back and relate that to SEP or something else, we're just mapping terms to terms to concepts. An image of a car skidding on ice comes to mind.

BTW, I did read this document before drawing up plans for key succession. The document has a great amount of detail. I had to digest it and simplify it before I could put a plan in front of implementation and operations teams. It's not a level of comprehension, but fewer moving parts is a good thing when it comes to "heat of the battle" situations.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Getting everything you want is easy if you don't want much.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
