What makes them "special", in my opinion, is that they are sysadmin
errors, really.
Wrong setup of time-sync of the servers.
DNS(SEC) may suffer from the consequences, but is, by itself, not to
blame.
One can only anticipate by, at authoritative side, not follow the timing
recommendations
too strictly.
By which I mean, interpret the recommendations as minimum only,
wait some more time before taking the next action.
If DNSSEC RFC's can do more to take sysadmin errors into account ?
I think more then stating
"timing are minimum only,
in practice, allow some more time"
is the best that could be done.
Kind regards,
Marc Lampo
-----Original Message-----
From: Masataka Ohta [mailto:[email protected]]
Sent: 07 October 2011 12:05 AM
To: Marc Lampo
Cc: 'IETF DNSOP WG'; [email protected]; [email protected]
Subject: [POSSIBLY SPAM] Re: [DNSOP] clarification suggestion for
draft-mekking-dnsop-dnssec-key-timing-bis and
draft-morris-dnsop-dnssec-key-timing
Importance: Low
Marc Lampo wrote:
> True, of course, they can happen.
They always happen.
> But I don't think special "cases" must be shown in these RFC's
> to reflect such errors ...
How can you say them "special"?
Masataka Ohta
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
