On 20/10/2010 4:32 AM, Matthijs Mekking wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/20/2010 01:03 AM, Suzanne Woolf wrote:
On Tue, Oct 19, 2010 at 10:22:25AM -0400, Andrew Sullivan wrote:
On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote:
B. "Better to publish what we have and initiate work on a -bis document
immediately. Also known as the "Perfect is the Enemy of Timely"-alternative.
I like this, but I'd like it more if there were text in the document
that said something like, "This represents current thinking at the
time of publication. The reader is reminded that DNSSEC is as of
publication in early stages of deployment, and best practices will
likely change in the near term." Or something like that. The idea is
to give the reader a clue that s/he ought to be keeping up with the
mailing lists and so on in order to understand what is happening.
Or even "These are the guidelines as best we understand them, as we
write, but we expect them to serve partly as a basis for further
discussion and experiment. If you find something better, bring it on."
Although we have already better understanding for guidelines that are
more complete and have improved clarity. So perhaps "These are the
guidelines as best we understood them" ;).
But perhaps B is the best option, although minor surgery is still needed
before publishing. That includes text like Andrew suggested. Then this
document can serve as input for -bis documents.
Best regards,
Matthijs
I agree that at this time option B is the best one.
I will send editors nits from my review of the document.
The disclaimer should be that this document covers only
rolling keys of the same algorithm, it does not cover
transition to/from/addition/deletion of different algorithm.
I would also recommend that this document be published as informational.
Olafur
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
