Re: [DNSOP] draft-ietf-dnsop-dnssec-key-timing-00
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/20/2010 01:03 AM, Suzanne Woolf wrote: On Tue, Oct 19, 2010 at 10:22:25AM -0400, Andrew Sullivan wrote: On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote: B. Better to publish what we have and initiate work on a -bis document immediately. Also known as the Perfect is the Enemy of Timely-alternative. I like this, but I'd like it more if there were text in the document that said something like, This represents current thinking at the time of publication. The reader is reminded that DNSSEC is as of publication in early stages of deployment, and best practices will likely change in the near term. Or something like that. The idea is to give the reader a clue that s/he ought to be keeping up with the mailing lists and so on in order to understand what is happening. Or even These are the guidelines as best we understand them, as we write, but we expect them to serve partly as a basis for further discussion and experiment. If you find something better, bring it on. Although we have already better understanding for guidelines that are more complete and have improved clarity. So perhaps These are the guidelines as best we understood them ;). But perhaps B is the best option, although minor surgery is still needed before publishing. That includes text like Andrew suggested. Then this document can serve as input for -bis documents. Best regards, Matthijs -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMvqk0AAoJEA8yVCPsQCW5pVUH/3xKquLmz1ZPADjKOPx6k4Ad dnLA8j+NCeC+jJjQiNybDQ9fWy0soHuEFvZttsRlZkDeb/ClXhkgB3awGz0mDSNo VfKCT24aZIwHzvZ3T+II0d73NAnFBD/AdeHRE9DBp5HFxzGz23FpJBwfXUP5StFt 9DGpc1ZSE2krv8J6TjfjkZW1OImZaxuvldilnXNzn2qTb1uytziim9nMkVinAN9n tanb6S7S5Z5ihAb1tFLL8xT1Co3B49OBDoT36y29J0OOsPQogJ8naPmlsmK0Iq8h a0g4F3nzPl4kIo45Kqwga1GFdvPbTaOXwubvFqIYVDMIc3hflisHH5V/xtTiILM= =3+ns -END PGP SIGNATURE- ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] draft-ietf-dnsop-dnssec-key-timing-00
On 20/10/2010 4:32 AM, Matthijs Mekking wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/20/2010 01:03 AM, Suzanne Woolf wrote: On Tue, Oct 19, 2010 at 10:22:25AM -0400, Andrew Sullivan wrote: On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote: B. Better to publish what we have and initiate work on a -bis document immediately. Also known as the Perfect is the Enemy of Timely-alternative. I like this, but I'd like it more if there were text in the document that said something like, This represents current thinking at the time of publication. The reader is reminded that DNSSEC is as of publication in early stages of deployment, and best practices will likely change in the near term. Or something like that. The idea is to give the reader a clue that s/he ought to be keeping up with the mailing lists and so on in order to understand what is happening. Or even These are the guidelines as best we understand them, as we write, but we expect them to serve partly as a basis for further discussion and experiment. If you find something better, bring it on. Although we have already better understanding for guidelines that are more complete and have improved clarity. So perhaps These are the guidelines as best we understood them ;). But perhaps B is the best option, although minor surgery is still needed before publishing. That includes text like Andrew suggested. Then this document can serve as input for -bis documents. Best regards, Matthijs I agree that at this time option B is the best one. I will send editors nits from my review of the document. The disclaimer should be that this document covers only rolling keys of the same algorithm, it does not cover transition to/from/addition/deletion of different algorithm. I would also recommend that this document be published as informational. Olafur ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] draft-ietf-dnsop-dnssec-key-timing-00
On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote: B. Better to publish what we have and initiate work on a -bis document immediately. Also known as the Perfect is the Enemy of Timely-alternative. I like this, but I'd like it more if there were text in the document that said something like, This represents current thinking at the time of publication. The reader is reminded that DNSSEC is as of publication in early stages of deployment, and best practices will likely change in the near term. Or something like that. The idea is to give the reader a clue that s/he ought to be keeping up with the mailing lists and so on in order to understand what is happening. A -- Andrew Sullivan a...@shinkuro.com Shinkuro, Inc. ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] draft-ietf-dnsop-dnssec-key-timing-00
At 10:22 AM -0400 10/19/10, Andrew Sullivan wrote: On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote: B. Better to publish what we have and initiate work on a -bis document immediately. Also known as the Perfect is the Enemy of Timely-alternative. I like this, but I'd like it more if there were text in the document that said something like, This represents current thinking at the time of publication. The reader is reminded that DNSSEC is as of publication in early stages of deployment, and best practices will likely change in the near term. Or something like that. The idea is to give the reader a clue that s/he ought to be keeping up with the mailing lists and so on in order to understand what is happening. +1 to Andrew's addition, and maybe add another one: Some of the techniques and ideas that DNSSEC operators are thinking about that differ from this document include and a list of interesting phrases, no details. --Paul Hoffman, Director --VPN Consortium ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] draft-ietf-dnsop-dnssec-key-timing-00
On Tue, Oct 19, 2010 at 10:22:25AM -0400, Andrew Sullivan wrote: On Tue, Oct 19, 2010 at 10:26:27AM +0200, Johan Ihren wrote: B. Better to publish what we have and initiate work on a -bis document immediately. Also known as the Perfect is the Enemy of Timely-alternative. I like this, but I'd like it more if there were text in the document that said something like, This represents current thinking at the time of publication. The reader is reminded that DNSSEC is as of publication in early stages of deployment, and best practices will likely change in the near term. Or something like that. The idea is to give the reader a clue that s/he ought to be keeping up with the mailing lists and so on in order to understand what is happening. Or even These are the guidelines as best we understand them, as we write, but we expect them to serve partly as a basis for further discussion and experiment. If you find something better, bring it on. Sorry guys-- I don't think the parrot is dead enough to get you off the hook. Suzanne ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop