Peter & Tim, Unfortunately we ran out of time in the DNSOP session yesterday and I don't feel we left with a plan to move forward on the various "parent-child-update" documents and scenarios. However I think it is *critical* that we DO move forward with these documents as this issue is one of the big barriers for smoother operation of DNSSEC.
I think there was a strong sense in the room that we definitely need to work on this overall issue and I think at the end we were getting hung up on some process points (and I admit that *I* was contributing to that confusion)... and then we simply ran out of time. What do you see as a path forward here? How can we progress these documents? The point I was trying to make in the final minutes was that we need something *more* than just these documents to help get these solutions actually out there and deployed. I think we need to provide operational guidance to registrars and registries on the different mechanisms for updating these type of DNS records and explain the options that we have available. We need to make it easy for them to understand how the mechanisms fit together and can be used in different situations. But I think that kind of document can be written separately from moving the other documents forward (and yes, I'm willing to help with text and not just say that "someone" should write a doc). I don't see why we can't adopt the CDS/CDNSKEY and CSYNC drafts as working group documents and continue to move them along - we've had significant discussion on these over the past several meetings and also on the lists: http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-05 http://tools.ietf.org/html/draft-hardaker-dnsop-csync-01 Similarly, I think Mark's draft could be another one to consider adopting for situations where people want to operate the push-style model: http://tools.ietf.org/html/draft-andrews-dnsop-update-parent-zones-00 I think we need some more discussion on that document before we adopt it (I haven't seen any on the list, or did I miss it?) but I don't see any issue with ALSO having a document like it as a working group document. There will be multiple models for different situations. Additionally, I think Paul's document on use cases is one that we should be bringing back into circulation (thanks, Matthijs, for the pointer after Paul mentioned it yesterday): http://tools.ietf.org/html/draft-wouters-dnsop-secure-update-use-cases-00 Anyway - I think we do need to move this whole area of work forward as rapidly as we can. My 2 cents, Dan -- Dan York, [email protected] http://danyork.me http://twitter.com/danyork
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
