In the words of Stephen Morris "DNSOP can now do add another skill to
its list: practicing the art of necromancy." This is the return of the
DNSSEC Key Timing draft. For those who are new; or don't remember; or
choose not to relive those days, a little bit of history:
Initially, the document draft-ietf-dnsop-dnssec-key-timing-03 had
gone through the working group and was in Working Group Last Call
(WGLC). The document stalled for various administrative reasons.
Soon after, a companion document titled
draft-mekking-dnsop-dnssec-key-timing-bis appeared, and stalled in
a similar manner.
This version of the document (which will be published as -04) does
reflects the original document, but was driven by the
consensus of the WG (which was and still is "ship it"). Hence, this
does not include (m)any updates of the draft in
draft-mekking-dnsop-dnssec-key-timing-bis. At the end of this email is
the list of larger changes that are spelled out in the appendix.
I am acting as Document Shepherd for this document, and the feeling is
that we feel this document needs 2-3 weeks of editorial review, and then
it would head back into WGLC.
*What we do need* Since this draft has several equations, there is a
need for 2-3 people to strongly review the changes and make sure
everything is still correct.
Lastly, I want to thank Stephen Morris, Matthijs Mekking, John Dickinson
and Johan Ihren for accepting the challenge from the chairs and putting
this back on track. I will make sure it makes it out this time.
tim
===============
(List of changes from previous version, from the Appendix)
o draft-ietf-dnsop-dnssec-key-timing-04
* Renamed to "DNSSEC Key Rollover Timing Considerations"
to emphasise that this draft concerns rollover timings.
* Updated 4641bis reference to RFC 6781.
* Add introductory paragraph to each rollover description
summarising its essential features.
* Remove detailed description of double-RRSIG ZSK rollover. It
is extremely unlikely to be used in any practical
situation.
* "Double-Signature" KSK rollover renamed to "Double-KSK" to
avoid confusion with the ZSK rollover of the same name.
* Removed section 2.3 (rollover summary) which just listed the
order in which records are published.
* Matthijs Mekking added as co-author.
* Changed Lzsk and Kzsk definitions: actual lifetime instead
of intended lifetime.
* Update diagrams and text to better reflect key states and key
lifetimes.
--- Begin Message ---
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Domain Name System Operations Working Group
of the IETF.
Title : DNSSEC Key Rollover Timing Considerations
Authors : Stephen Morris
Johan Ihren
John Dickinson
W. (Matthijs) Mekking
Filename : draft-ietf-dnsop-dnssec-key-timing-04.txt
Pages : 32
Date : 2014-07-04
Abstract:
This document describes the issues surrounding the timing of events
in the rolling of a key in a DNSSEC-secured zone. It presents
timelines for the key rollover and explicitly identifies the
relationships between the various parameters affecting the process.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-key-timing/
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-04
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dnssec-key-timing-04
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
--- End Message ---
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
