Matthijs Mekking <[email protected]> writes:
Thanks for all your points, and I've gone through and handled them all
in the text (including discussing that we update 7583 per your request).
> 2. waitTime only adds one queryInterval, while Itrp adds two. I believe
> to be safe on the publishing side, two queryIntervals is needed. RFC
> 7583 explains:
>
> A validator will treat it as a trust anchor the next
> time it retrieves the RRset, a process that can take up to another
> queryInterval (the third term).
This is the one that had me think with a whiteboard for a while. If I
can sum it up differently, the problem is that 30 days may not be a
factor of the queryInterval. Thus:

    N * queryInterval >= 30

Where N is the number of queries to get somewhere over 30 days.
So Itrp is waiting an extra queryInterval to account for this
possibility.
Mathematically, I think the actual time needed to wait is 30 %
queryInterval, which may actually be 0 in some cases and just shy of
queryInterval in others. Sound about right?
> 4. Both definitions (Itrp and waitTime) don't really take into
> consideration the retryTime defined in RFC 5011. Perhaps that can be
> used for defining the extra safety margin.
I'll have to add some text about that. I don't think we can solve the
case for broken networks, though. But it's an important point to bring up.
--
Wes Hardaker
USC/ISI
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
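
The N * queryInterval >= 30 days condition discussed in the message above, worked through as an added example that is not part of the original thread. It uses the RFC 5011 queryInterval formula and the 30-day add hold-down time; the function names and sample TTL/signature values are constructed, and it assumes every poll succeeds exactly on schedule (retryTime is not modelled).

```python
# Added illustration; helper names and sample values are constructed.
HOUR = 3600
DAY = 24 * HOUR
ADD_HOLD_DOWN = 30 * DAY  # RFC 5011 add hold-down time


def query_interval(orig_ttl, sig_expiration_interval):
    """RFC 5011 sec. 2.3: MAX(1 hr, MIN(15 days, 1/2*OrigTTL,
    1/2*RRSigExpirationInterval)); all values in seconds."""
    return max(HOUR, min(15 * DAY, orig_ttl // 2, sig_expiration_interval // 2))


def polls_until_accept(interval, hold_down=ADD_HOLD_DOWN):
    """Step an idealized validator: poll 0 first sees the key and starts the
    timer; the key is accepted at the first later poll where the elapsed
    time is >= hold_down. Returns (N, overshoot in seconds)."""
    n, elapsed = 0, 0
    while elapsed < hold_down:
        n += 1
        elapsed += interval
    return n, elapsed - hold_down


def acceptance(orig_ttl, sig_expiration_interval):
    """(queryInterval, N, overshoot) for a DNSKEY RRset's TTL and signature
    expiration interval, assuming every poll succeeds on schedule."""
    qi = query_interval(orig_ttl, sig_expiration_interval)
    n, over = polls_until_accept(qi)
    # Closed form of the loop: N = ceil(hold_down / qi).
    assert n == -(-ADD_HOLD_DOWN // qi)
    return qi, n, over


if __name__ == "__main__":
    samples = [  # constructed (TTL, signature expiration interval) pairs
        (1800, 14 * DAY),
        (14 * DAY, 21 * DAY),
        (22 * DAY, 40 * DAY),
        (60 * DAY, 60 * DAY),
    ]
    for ttl, sig in samples:
        qi, n, over = acceptance(ttl, sig)
        print(f"queryInterval={qi / DAY:6.3f}d  N={n:3d}  "
              f"accepted {over / DAY:.3f}d after the hold-down expires")
```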