-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Thompson wrote:
> but they don't define "regularly". If they had said "you must check > at least once a week", and also made that policy known to their TLD > clients, then we could castigate PR for the removing their old KSK > too soon. As it is, the finger of blame is oscillating wildly. If no one actually did anything in malice, there is no finger of blame here IMHO. Just many fingers of learning. Even with automated scripts, ITAR importing for most people is a granular action; it's not done dynamically based upon some published TTL or expiry. Perhaps something as simple as "valid until" might be useful for an ITAR like thing, but only so long as it comes from the submitter of that key. - --Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqni7gACgkQ+NNi0s9NRJ3eEgCeOgOhh80xIAeprtQDNKPyn7tG kNwAn0MUX9zjJd2isaqa0+kZgg7Ewr+l =c7Cr -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
