Re: [dnsext] draft-jabley-dnsop-validator-bootstrap-00

Jakob Schlyter <jakob@kirei.se> Wed, 02 February 2011 10:03 UTC

Return-Path: <jakob@kirei.se>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A2FBC3A712D for <dnsext@core3.amsl.com>; Wed, 2 Feb 2011 02:03:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.552
X-Spam-Level:
X-Spam-Status: No, score=-1.552 tagged_above=-999 required=5 tests=[AWL=-0.543, BAYES_00=-2.599, HELO_EQ_SE=0.35, SARE_LWSHORTT=1.24]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z-TinVGfL5BP for <dnsext@core3.amsl.com>; Wed, 2 Feb 2011 02:03:35 -0800 (PST)
Received: from spg.kirei.se (gomi.kirei.se [91.206.174.9]) by core3.amsl.com (Postfix) with ESMTP id 29FE33A704C for <dnsext@ietf.org>; Wed, 2 Feb 2011 02:03:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kirei.se; s=spg20100524; h=received:subject:mime-version:content-type:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer; bh=cIRgNboDGOsKuC6aDtyPxMf7c4XZS6GEjOVaQ/PjIjs=; b=oVS/HnrSd2LiBYJLtrtSQQhZZK6N9jyv3YYdx90cs6l5D5n66zZwaFvaG++nFTrg+dFBS3D0uYPV4 mSDTlQ2v/OCI3KgIG2DHSQLvpPgDMtDtuYWf7NZilnWyysJ8BezTMvNM+/770wLiW8RSqRga7d67qQ oH6JLJeXQuCKrlnA=
Received: from mail.kirei.se (unknown [91.206.174.10]) by spg.kirei.se (Halon Mail Gateway) with ESMTPS; Wed, 2 Feb 2011 11:06:52 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset=us-ascii
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <AANLkTikx-cc47UFjK6=DxwxJVraMv89L-ebBmhHPn7ZE@mail.gmail.com>
Date: Wed, 2 Feb 2011 11:06:46 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <99E68FDB-9473-4AC7-9547-787DA5C41C72@kirei.se>
References: <3E0BC533-AFF7-4E5E-A52E-BD7814FC4060@hopcount.ca> <4D472D2C.9090108@cisco.com> <6819D144-A148-41AB-BF38-A888E0950D7E@hopcount.ca> <AANLkTikx-cc47UFjK6=DxwxJVraMv89L-ebBmhHPn7ZE@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1082)
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, dnsext List <dnsext@ietf.org>, Dave Knight <dave.knight@icann.org>
Subject: Re: [dnsext] draft-jabley-dnsop-validator-bootstrap-00
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Feb 2011 10:03:36 -0000

On 1 feb 2011, at 01.40, Phillip Hallam-Baker wrote:

> My advice to Cisco would be to use their existing root to sign the published CSR for the DNS root KSK in the short term at least.

That's why we (the Root DNSSEC Design Team) included a CSR as one output from the key generation ceremony.

	jakob