Hello all.

I've submitted the following draft which I'd like the working group to
eventually consider for adoption.  I got some good feedback privately at
Berlin, but it may still need another version before a Call For Adoption
happens.  In addition to whatever issues people notice themselves, there
are some specific things I'd like to get feedback on.

First, while this draft doesn't change anything in 6781, I believe it
represents new operational experience that should be added to 6781.  With
the increase in gTLDs and the corresponding explosion in the number of
operators I believe that the number of transfers between registries will
grow, and easily-found operational advice to inexperienced operators will
be essential.  I think this justifies the "modifies" meta-data, but I can
see how some may disagree.  I'd like to get the feeling of the group on
that.

Second, the draft as it currently stands follows the style of 6781 in that
it doesn't spell out TTL waits between steps in the operator change
procedure, and leaves it as an exercise for the reader to incorporate
information from the key roll sections of 6781.  I'm of two minds on this,
and think it may be useful to spell out the details of the operator change
procedure even though a thorough reading of the key roll procedures could
provide the necessary information.

Finally, I don't believe this draft raises any *new* security
considerations, so I've done my best to incorporate by reference the
security considerations from 6781.  I'd like to know your thoughts on this
as well.

Thanks for your time,
    Matt

---------- Forwarded message ----------
From: <[email protected]>
Date: 2 August 2016 at 09:22
Subject: New Version Notification for
draft-pounsett-transferring-automated-dnssec-zones-01.txt
To: Matthew Pounsett <[email protected]>



A new version of I-D,
draft-pounsett-transferring-automated-dnssec-zones-01.txt
has been successfully submitted by Matthew Pounsett and posted to the
IETF repository.

Name:           draft-pounsett-transferring-automated-dnssec-zones
Revision:       01
Title:          Change of Operator Procedures for Automatically Published DNSSEC Zones
Document date:  2016-08-02
Group:          Individual Submission
Pages:          6
URL:            https://www.ietf.org/internet-drafts/draft-pounsett-transferring-automated-dnssec-zones-01.txt
Status:         https://datatracker.ietf.org/doc/draft-pounsett-transferring-automated-dnssec-zones/
Htmlized:       https://tools.ietf.org/html/draft-pounsett-transferring-automated-dnssec-zones-01
Diff:           https://www.ietf.org/rfcdiff?url2=draft-pounsett-transferring-automated-dnssec-zones-01

Abstract:
   Section 4.3.5.1 of [RFC6781] "DNSSEC Operational Practices, version
   2" describes a procedure for transitioning a DNSSEC signed zone from
   one (cooperative) operator to another.  The procedure works well in
   many situations, but makes the assumption that it is feasible for the
   two operators to simultaneously publish slightly different versions
   of the zone being transferred.  In some cases, such as with TLD
   registries, operational considerations require both operators to
   publish identical versions of the zone for the duration of the
   transition.  This document describes a modified transition procedure
   which can be used in these cases.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat