Hi DnsOP WG,

As you saw announced, a new version of the trust history draft. Includes new sections (thanks Andrew Sullivan!) that explain why exactly these old keys, expired signatures, and revoked flags are useful and proper. The algorithm is mostly the same with minor nits, but the explanation for deployment has increased significantly.

I would appreciate review of the working group, as I feel the algorithm is pretty much done, and if the considerations for usage can be shown then the draft can progress and help the soon-to-be-signed domains :-).

Handy link to the superb tools page with diff
http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-trust-history-02

Best regards,
Wouter

On 06/29/2010 03:30 PM, [email protected] wrote:
> Title     : DNSSEC Trust Anchor History Service
> Author(s) : W. Wijngaards, O. Kolkman
> Filename  : draft-ietf-dnsop-dnssec-trust-history-02.txt
> Pages     : 11
> Date      : 2010-06-29
>
> When DNS validators have trusted keys, but have been offline for a
> longer period, key rollover will fail and they are stuck with stale
> trust anchors. History service allows validators to query for older
> DNSKEY RRsets and pick up the rollover trail where they left off.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dnssec-trust-history-02.txt
