On Fri, Mar 23, 2018 at 5:53 PM, Frederico A C Neves <[email protected]> wrote: > On Fri, Mar 23, 2018 at 01:22:42PM -0400, Bob Harold wrote: >> On Fri, Mar 23, 2018 at 1:19 PM, Paul Hoffman <[email protected]> wrote: >> >> > +1 to the title “A Root Key Trust Anchor Sentinel for DNSSEC”. >> > >> > +1 to option #2 with the spelling correction. >> > >> > --Paul Hoffman >> > >> > >> +1 > > Agree with both.
Awesome, thanks - this seems to be the consensus. A new version of I-D, draft-ietf-dnsop-kskroll-sentinel-08.txt has been successfully submitted by Warren Kumari and posted to the IETF repository. Name: draft-ietf-dnsop-kskroll-sentinel Revision: 08 Title: A Root Key Trust Anchor Sentinel for DNSSEC Document date: 2018-03-24 Group: dnsop Pages: 15 URL: https://www.ietf.org/internet-drafts/draft-ietf-dnsop-kskroll-sentinel-08.txt Status: https://datatracker.ietf.org/doc/draft-ietf-dnsop-kskroll-sentinel/ Htmlized: https://tools.ietf.org/html/draft-ietf-dnsop-kskroll-sentinel-08 Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-kskroll-sentinel Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-kskroll-sentinel-08 Abstract: The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determing which keys are in the trust store for the root key. There is an example / toy implementation of this at http://www.ksk- test.net . [ This document is being collaborated on in Github at: https://github.com/APNIC-Labs/draft-kskroll-sentinel. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. Text in square brackets will be removed before publication. ] [ NOTE: This version uses the labels "kskroll-sentinel-is-ta-<key- tag>", "kskroll-sentinel-not-ta-<key-tag>"; older versions of this document used "_is-ta-<key-tag>", "_not-ta-<key-tag>". Also note that the format of the tag-index is now zero-filled decimal. Apolgies to those who have began implmenting.] W > > But let me emphasize Joao's point, we need to pick those now and move > forward. > > Fred > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
