On Wed, May 20, 2009 at 10:15:22AM -0400, Edward Lewis wrote:
> At 14:38 +0100 5/19/09, John Dickinson wrote:
> 
> >This was kind of my idea - so maybe I can explain my thinking a bit. I
> >am wondering if this document should restrict itself purely to considering
> >keys and say nothing about what is signed by those keys. Therefore, it
> >would not use the KSK and ZSK terminology.
> 
> You may be right about avoiding the KSK/ZSK terminology when thinking 
> about architectural correctness, but for the sake of operators and 
> policy makers there should be some written material "mapping" KSK/ZSK 
> into the terminology of the document.  We'll need some reference 
> material that glues this document into the language we use. 
> Otherwise we will end up with a cogent but misunderstood document 
> that will be ignored by the folks that need it the most.

What he said....I pulled up the thread to try to say exactly this, but
it's now been said so I can stop.

> BTW, I did read this document before drawing up plans for key 
> succession.  The document has a great amount of detail.  I had to 
> digest it and simplify it before I could put a plan in front of an 
> implementation and operations teams.  It's not a level of 
> comprehension, but fewer moving parts is a good thing when it comes 
> to "heat of the battle" situations.

I'd like to see the detailed architectural discussion, and the mapping
from it into "ops terms" (KSK/ZSK and suggested practices or
considerations), all in one document. I understand the argument for
having a separate BCP to accomplish that, but I'd really like to have
an integrated document to point people to for both good practice and
its architectural rationale.

Suzanne
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop