In message <[email protected]>, Michael Richardson writes: > > Mark Andrews <[email protected]> wrote: > mcr> It's not a question of: "can we do this", but rather a question of: > if > mcr> we do it, then it needs to be done correctly, which means some test > mcr> cases and test data, and this takes a non-zero amount of time. > mcr> > mcr> Could the effort be better spent elsewhere? > > > Additionally with DLV we also need to be able to validate which means > > more than upgrading OpenSSL. It also means getting the ruby libraries > > upgraded etc. > > Yes, I was trying to leave the underlying technical hurdles aside > (because, I'm sure, when given the mandate, I can deal with them in short > order) and focus on the political and testability hurdles and intentions for > this list..
There is a difference between a body that should just be a conduit to the registry and one that is acting like a CA and needs to establish bona fides. This results in different technical requirements and there was a assumption being made that just upgrading OpenSSL was enough. A registrar should just be passing along the DS records. Some registrars actually have too complicated interfaces. A simple cut- and-paste of the entire record should be enough. Pull down lists where you set each field are just stupid and actually introduce errors. > Given that DLV will be sunset'ed, are new algorithms important to this > community? > > -- > ] Never tell me the odds! | ipv6 mesh networks > [ > ] Michael Richardson, Sandelman Software Works | network architect > [ > ] [email protected] http://www.sandelman.ca/ | ruby on rails > [ > > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected]
