Re: [DNSOP] Should draft-ietf-dnsop-rfc4641bis cover RFC 5011 practices?

2009-03-19 Thread Olaf Kolkman
On 16 mrt 2009, at 16:34, Paul Hoffman wrote: It feels like a lot of DNSSEC questions these days are being answered by that's covered if you use RFC 5011. If so, then maybe proper use of RFC 5011 (such as when to assume that a zone is *really* being signed, not just for practice) should

Re: [DNSOP] WGLC: Requirements for Management of Name Servers for the DNS

2009-03-19 Thread Ralf Weber
Moin! On 18.03.2009, at 17:37, TSG wrote: Peter Koch wrote: Dear WG, this is to initiate a working group last call on Requirements for Management of Name Servers for the DNS draft-ietf-dnsop-name-server-management-reqs-02.txt Peter - I notice that the standards don't say

[DNSOP] EU Data Protection Directives and draft-ietf-dnsop-name-server-management-reqs-

2009-03-19 Thread Jim Reid
Can we *please* get back to a discussion of WGLC on this ID? The (largely ill-informed) debate about EU Data Protection Directives can be taken somewhere else. It's not even remotely relevant to this WG or the draft that's under consideration.

[DNSOP] /adm/ Re: WGLC: Requirements for Management of Name Servers for the DNS

2009-03-19 Thread Peter Koch
On 18.03.2009, at 17:37, TSG wrote: Peter - I notice that the standards don't say anything about the EU's Data Integrity Directive which in fact will effect the On Thu, Mar 19, 2009 at 11:03:58AM +0100, Ralf Weber wrote: I'm not sure where you get the numbers, but the EU's population is

Re: [DNSOP] WGLC: Requirements for Management of Name Servers for the DNS

2009-03-19 Thread TSG
Ralf Weber wrote: Moin! On 18.03.2009, at 17:37, TSG wrote: Peter Koch wrote: Dear WG, this is to initiate a working group last call on Requirements for Management of Name Servers for the DNS draft-ietf-dnsop-name-server-management-reqs-02.txt Peter - I notice that the

Re: [DNSOP] Should draft-ietf-dnsop-rfc4641bis cover RFC 5011 practices?

2009-03-19 Thread Matthijs Mekking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also, RFC 5011 may adapt key rollover practices. In short this means that when a key may be removed because it is considered dead, it should stay in the zone for one RRSIG TTL more with its REVOKED bit set before removing it from the zone. This way,

Re: [DNSOP] Should draft-ietf-dnsop-rfc4641bis cover RFC 5011 practices?

2009-03-19 Thread TSG
Matthijs Mekking wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also, RFC 5011 may adapt key rollover practices. In short this means that when a key may be removed because it is considered dead, it should stay in the zone for one RRSIG TTL more with its REVOKED bit set before removing it

Re: [DNSOP] Should draft-ietf-dnsop-rfc4641bis cover RFC 5011 practices?

2009-03-19 Thread Todd Glassey CISM CIFI
Paul Hoffman wrote: As much as I hate to engage in threads like this, I would like to make a factual correction. At 11:54 AM -0700 3/19/09, TSG wrote: By the way since I personally coined the term Trust Anchor in PKIX towards the late-1990's This is provably false. I am glad you