Hi Fredrik,

On 06/17/2011 04:56 PM, Fredrik Ljunggren wrote:
> Matthijs,
>
> thank you for reviewing the document. The intention is to cover those
> aspects you mention (key separation, number of keys and roll-over
> scheme) in sections 6.4, 6.5 and 6.6. It is also intended that a drafter
> of a DPS may put a rationale, explaining why a particular scheme has
> been chosen, directly in the main component (6).

I think you mean sections 4.6.4, 4.6.5 and 4.6.6. Those sections
(especially the first two) cover ZSK specific rollover and KSK specific
roll-over schemes and are relevant in case a zone is subject to a
KSK/ZSK Split Signing Scheme. However, if a zone is subject to a Single
Type Signing Scheme, different roll-over schemes are relevant.

The main component of 4.6 already says:

   This component covers all aspects of zone signing, including the
   cryptographic specification surrounding the Key Signing Key and Zone
   Signing Key, *signing scheme* and methodology for key roll-over and
   the actual zone signing.

I think 4.6.4 and 4.6.5 cover methodology for key roll-over. I miss a
section that says "Signing Scheme: This subcomponent describes which
signing scheme is in use."

Best regards,

Matthijs

> For this reason, I'm concerned that a new component may overlap with
> those already existing. However, I do agree that the intentions
> described above are not very clear (section 4.6.4 - 4.6.6 of the
> document), and could be explained in more detail. Would that fulfil your
> purpose, or did I misunderstand you?
>
> --
> Fredrik Ljunggren
>
>
> On 16 jun 2011, at 23:37, Matthijs Mekking <[email protected]> wrote:
>
>> I have read it and have one comment:
>>
>> I would have expected that section 4.6. on Zone Signing would have a
>> subcomponent on Signing Scheme. Such a subcomponent would address the
>> number of keys used for signing and what roles (zsk, ksk) they fulfill.
>>
>> I would like to see this addition and I support its publication as
>> Informational.
>>
>> Best regards,
>>
>> Matthijs
>>
>>
>> On 06/13/2011 07:22 PM, Stephen Morris wrote:
>>> Dear DNSOP WG,
>>>
>>> This is to initiate a working group last call (WGLC) on
>>>
>>> "DNSSEC Policy & Practice Statement Framework"
>>> draft-ietf-dnsop-dnssec-dps-framework-04.txt
>>>
>>> Owing to the length of the document, the WGLC will last for three weeks
>>> instead of the usual two, and will therefore end on
>>>
>>> Monday, 4 July 2011, 23:59 UTC
>>>
>>> The IETF tools site gives easy access to the current and previous
>>> versions, as well as differences and the like, at:
>>>
>>> http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-dps-framework-04
>>>
>>> The document is aimed at a status of "Informational".
>>>
>>> Please review the document and send any comments you may have to the
>>> list. If you have no comments but support (or do not support) the
>>> document being published, please send that information to the list.
>>>
>>> The document is subject to the normal five reviewer threshold.
>>>
>>> Stephen and Peter
>>> DNSOP co-chairs
>>> _______________________________________________
>>> DNSOP mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/dnsop
