Hi Terry,

Thanks for this effort.

Overall I think there are good points that you raise. However, I am struggling with the relevance from a CA perspective of Section 7 (Communication from validators to objects signers regarding validation status). Validation is a local process done from RPs. There are many reasons why validation may fail and many of them good reasons. Are you expecting a massive Big Brother system of all validators reporting results back to IANA? BTW, I know RIPE has this option but I take it as something they want to keep tracking during the boot-up process.

In general I would assume that every CA (like any other entity with a product) is interested in testing its products (signed objects) before making them public. Moreover, current key-rollover/algorithm rollover mechanisms assume an overlap period where OLD and NEW products overlap in time to prevent any problem.

All in all, what I would recommend is that you verify that the current key-rollover/algorithm roll-over documents are adequate for IANA, considering that IANA will test its signed objects adequately.

Roque

On 09 Oct 2014, at 02:21, Terry Manderson <[email protected]> wrote:

> Hi All,
>
> As you are probably aware ICANN has been following the SIDR work fairly
> closely, based on the IAB guidance that a single authoritative trust
> anchor should exist - what we term as the Global Trust Anchor (GTA).
>
> In the process of looking at the implementation of this, the GTA, and the
> technical concerns relating to stability and resiliency, a few questions
> have bubbled to the surface over the past year. Instead of sitting on our
> hands and not communicating to the WG we thought it best to raise what we
> are thinking and seek a discussion. Thus we would very much like the WG
> guidance and advice on these questions.
>
> We have created a draft to raise these discussion points.
>
> http://tools.ietf.org/html/draft-vegoda-manderson-sidr-key-management-00
>
> Are there simple answers? and if so, what are they? Have we
> mis-characterised some concerns? How? Are our concerns unfounded? and why?
> Are there more concerns that people see and which we haven't covered here?
>
> Cheers
> Terry and Leo
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr
