On 18 Jun 2021, at 14:45, Paul Wouters <[email protected]> wrote:

> On Jun 18, 2021, at 13:41, Peter van Dijk <[email protected]> wrote:
>
>> I propose replacing rfc5011-security-considerations with a short document
>> deprecating 5011 in its entirety.
>
> Eh? 5011 is baked into various software. Why would replace 5011?
>
> Did I miss something?

There were some conversations adjacent to the last great root zone KSK roll excitement about how a more measurable and reliable mechanism might be useful. My memory is that there might be value in specifying a new mechanism that could be used as an alternative to or in conjunction with 5011, though, not that 5011 was fundamentally unsound and deserved to be deprecated.

I agree that, in the end, 5011 seems to have done a reasonable job -- it was just hard to predict with any degree of comfort or certainty.

Joe
