As reported at the WG meeting at IETF-80, to complement feedback from the WG, the authors of draft-ietf-dnsop-dps-framework organised a survey of the members of CENTR (Council of European Top Level National Domain Registries). The aim of it was to find out whether the draft reflects what is actually in DNSSEC practice statements and indeed, whether it is influencing them. The survey was carried out during Feburary/March 2011 and there were 19 respondents.
-- 1. Have you implemented/are you planning on implementing DNSSEC? * DNSSEC is implemented: 42% * We're implementing DNSSEC: 32% * We're planning DNSSEC: 16% * No concrete plans: 5% * Other: 5% 2. Have you written/are you planning on writing a document outlining the policy and practices you will follow? * We have a policy document: 47% * We don’t have a policy document but we're writing or planning to write one: 37% * We don't have a policy document: 16% 3. If the answer to (2) is no (no document and no plans), why not? Reasons included being in a DNSSEC trial period and not being far enough along in the planning. 4. If the answer to (2) is yes (you have, or you're planning one), what are your reasons for writing the document? The principal reason was transparency with registrars and the community, but also cited reasons was that it formed part of the design documentation of the DNSSEC implementation. 5. If the answer to (2) is yes (you have, or you're planning one), does the document cover: * Stakeholder identification: 87% * Key details and controls: 80% * Details of physical controls: 80% * Details of personnel controls: 60% * Auditing: 67% * Disaster recovery: 73% * Technical policy: 93% * Special procedures: 47% * DS record controls: 80% * Legal issues: 27% * Financial issues: 13% 6. Does your document cover anything not mentioned above? Answers included handling of DS records and use/motivation for the selected type of authenticated denial of existence. 7. Are you aware of the existence of the draft-ietf-dnsop-dnssec-dps-framework-03, which aims to assist anyone who is in the process of deploying DNSSEC to describe policies and/or practices? * Yes: 89% * No: 11% 8. If the answer to (7) is yes, have you made use of it as a checklist of DNSSEC readiness and/or an outline to create such a document mentioned in question 2? * Yes: 76% * No: 24% A couple of points from detailed comments: * One organisation felt that the draft was helpful although a bit too detailed in some points. * The DPS cannot exist in isolation, it needs to be integrated into a broader set of policy documents. -- >From the answers we got, we have made the conclusion that the section covering >legal issues and financial responsibility has been too comprehensive and only >useful for a relatively small number of the respondents. For this reason it >has been greatly reduced in the -04 version of, removing all subsections and >leaving the main section with a brief explanation of its purpose and which >topics that may be included at the authors discretion. That is also the only changes that has been made to the -04 version, and any comments from the WG on the new version is as always greatly appreciated. - Fredrik _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
