Hi,

The dnsop wg adopted this draft at the IETF meeting and with discussion on the mailing list afterwards. The draft-ietf-dnsop-dnssec-trust-history-00 is a copy of draft-wijngaards-dnsop-trust-history-02. draft-ietf-dnsop-dnssec-trust-history-01 contains updates after the discussion in the working group. For your diff pleasure :-).

As far as I can tell this captures all the comments. There is some new text to help validator operators decide on the deployment options facing them (secure-vendor-update vs better-than-nothing). I do not think this should become too extensive, but because there are protocol effects - the X years for old keys - it is therefore good to discuss the ramifications.

Best regards,
Wouter

On 02/22/2010 11:00 AM, [email protected] wrote:
> When DNS validators have trusted keys, but have been offline for a
> longer period, key rollover will fail and they are stuck with stale
> trust anchors. History service allows validators to query for older
> DNSKEY RRsets and pick up the rollover trail where they left off.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dnssec-trust-history-01.txt
