On Thu, 21 Jan 2010, Olaf Kolkman wrote:

> In trying to get a reasonable version 2 out of the door before Anaheim I am
> trying to identify and, where possible, close open issues.
>
> As a reminder: http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/ has
> the open issues listed and a per issue highlight of their history.

I still don't see any recommendations regarding NSEC vs NSEC3. I mailed you
some comments about two IETFs ago I believe. Do you still have that email,
or should I try to dig it out?

> This thread, about the use of HSMs, is captured in
> http://www.nlnetlabs.nl/svn/rfc4641bis/trunk/open-issues/HSMs; the content of
> that page is replicated below.

That looks fine to me. Perhaps clarify that the "someone" who could make a
copy of your key could be the zone operator, and that in some situations
you might want to trust the zone administrator with the ZSK, allow him to
use the HSM-based KSK, but not give him access to read or copy the private
key of the KSK. This would allow one to keep using the KSK even after a
zone administrator has left the organisation.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
