Hi Jelte,
On 11 Nov 2009, at 09:42, Jelte Jansen wrote:
the slide that mentioned algorithm rollover mentioned it at a
diagram of
double-signature rolls, which will probably not be sufficient
for that, see
http://tools.ietf.org/html/draft-ietf-dnsop-
rfc4641bis-01#section-4.2.4
I don't remember exactly what I said, but what I meant was not that
"double signature" is sufficient to accomplish an algorithm rollover,
only that it was needed as part of one. So I think you and I agree hee.
(btw i agree with olaf that some form of collaboration between these
documents
might be nice)
Of course there will be, although I'm still skeptical about circular
dependencies.
as for the current section on algorithm rollover, i simply don't
understand it.
But that might be because my brain tries to shut down at the part
mentioning
different TTLs there).
I think we need to work a bit on that section as we mostly just
mention algorithm rollovers.
This falls down into the question about whether to cover all the
rollover "methods" or make a recommendation and only cover that
alternative. My take away from the WG was that the key timing doc
should not make recommendations, but describe all the alternatives.
I think a reference to 4641bis and a scheme to match the text there
would be nice
My primary issue with that is that as soon as we refer to 4641bis
there is a circular dependency and then the two documents must be
published together. My secondary issue is that I maintain my position
that the key timing document is "theory" while 4641bis is "practice".
Therefore, as the key timing document covers a more narrow topic in
greater depth, there is just no way to avoid references from 4641bis
to us.
Regards,
Johan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkr6eRIACgkQ4nZCKsdOncVaOQCfVn12/XrqedbgI4YUgJ/sML6w
YbsAnAhuPRy7jCw3bZk8w4kKAAmy6/N6
=CueD
-----END PGP SIGNATURE-----
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
