On 31.3.2017 05:48, Evan Hunt wrote:
> I have reviewed draft-mglt-dnsop-dnssec-validator-requirements-04.txt and
> some comments on the substance of it are below. (I'll also send some
> grammatical nitpicks via private mail.)
>
>> However, without valid trust anchor(s) and an acceptable value for the
>> current time, DNSSEC validation cannot be performed. This document lists
>> the requirements to be addressed so resolvers can have DNSSEC validation
>> can be always-on.
>
> This abstract, and the introduction below, both seem to suggest that the
> intention of this draft is to list requirements for automatic bootstrapping
> and recovery of DNSSEC without human intervention. However, several of the
> requirements actually included in the text describe mechanisms of human
> intervention: for example, insertion of negative trust anchors or the
> ability to flush the cache.
>
> To my mind, any need for human intervention contradicts the idea of DNSSEC
> being "always-on"; humans can't react instantly. So I suggest revising
> the abstract and the problem statement to say that these are requirements
> for a DNSSEC validator to be recovered when it fails, rather than for
> it always to be on.

A document listing what can possibly go wrong with DNSSEC deployment in the real world and what "features/tools" software vendors have to provide to ease recovery is a good idea. Having said that, I support Evan's view that here we are not talking about "always-on" but more about "human intervention"/recovery.

I think that all of Evan's other comments are good ideas as well and improve the document. I'm looking forward to reviewing a new version of the document.

--
Petr Špaček @ CZ.NIC
