Folks,

The key-timing I-D has been discussed over a long time, but has
not been refreshed for a significant while.  I think we should
make progress with this memo now (in line with the rfc4641bis I-D),
and have performed a review of the most recent WG draft version,
    draft-ietf-dnsop-dnssec-key-timing-02.

I did not find any major issues with the text and recommend
to undertake steps to request publication soon.

Below are two small suggestions for improvement.

A somewhat more lengthy list of editorials and suggested textual
improvements has just been sent to the draft authors.


(A)  dangling internal pointer

In Section 3.2.1, the description of Event 3 contains an
IMHO misleading pointer:

|  (The case of introducing the first ZSK into the zone is discussed in
|  Section 3.3.5.)

This is not actually correct; Section 3.3.5 most exclusively
focusses on the first *KSK* introduced, which does not apply
to the first ZSK in the split (KSK,ZSK) model, to which this
subject Section 3.2 on ZSK rollover relates.

As experience (e.g. with the root zone) has shown, in the absence
of a secure delegation or a trust anchor, in the split (KSK,ZSK)
model addressed by this section, the first KSK can be introduced
without regard to specific timing considerations.

So for simplicity, I propose to just drop the quoted note
from this section.

(Similar notes in subsequent sections of the I-D however are
appropriate.)


(B)  cross-linkage to rfc4641bis

The rfc4641bis draft complements this draft and refers to it, and
it contains material that can help a reader starting with this memo.

Therefore, I suggest that the key-timing draft should in turn refer
(in the appropriate sections) to the descriptions and pictorial
representations of the various rollover scenarios in the rfc4641bis
document, where the life-cycle of DNSSEC-related RRs during such
rollover is depicted, for which the key-timing I-D provides the
timing details.


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  [email protected]                     |
+------------------------+--------------------------------------------+
