On 10/5/22 20:25, Paul Hoffman wrote:
On 10/5/22 19:56, Paul Hoffman wrote:
I propose to replace that paragraph with:
What we today call "DNSSEC" is the DNSSEC specification defined in {{RFC4033}},
{{RFC4034}}, and {{RFC4035}}.
However, earlier incarnations of DNSSEC were thinly deployed and significantly
less
visible than the current DNSSEC specification.
I think that's much better, but it remains vague in that it leaves open what
those other versions were.
I know there are some RFCs that defined KEY records etc. Is that's what's
meant? Perhaps we should add something like:
For the historic record of these, see RFC 2535 and related documents.
(Or whatever is the appropriate set of documents.)
Given that we don't have clear version numbers, I would kinda prefer not to do
that. Does RFC 2535 represent a clear description of an earlier
incarnation/version of DNSSEC? It doesn't feel that way to me.
I wasn't around at that time, so I don't know. Based on the fact that the
current incarnation was dubbed version 3, I assumed that other revisions can be
pointed to more or less precisely. Apologies if I misunderstood.
My point is precisely that if we can't pinpoint what we mean by "earlier
incarnations", the text shouldn't sound like they were stable versions that were
merely thinly deployed.
So, my suggestion would be that if we know what those incarnations are, let's add
references so people can dig further if they are interested. If we can't point to a
specification and/or don't know what those incarnations are, I think it would be better
to say they "... were not fully specified and saw only little deployment" or
not talk about them at all.
Best,
Peter
--
https://desec.io/
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
