Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
Richard Lamb <richard.lamb@icann.org> Sat, 31 October 2015 18:36 UTC
Given that there are at least three implementations based on this draft in widespread use, IMHO, I believe this draft should move forward as is. As mentioned below, a stable reference would be useful for implementers like myself.

-Rick

-----Original Message-----
From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of W.C.A. Wijngaards
Sent: Tuesday, October 6, 2015 1:53 AM
To: dnsop@ietf.org
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

Hi,

On 05/10/15 23:42, Suzanne Woolf wrote:
> All,
>
> First, thanks to the engaging on this.
>
> On Oct 5, 2015, at 5:20 PM, "Joe Abley" <jabley@hopcount.ca> wrote:
>>
>> Perhaps it's time to sit back and wait for others here to express an
>> opinion.
>
> I'd like to hear opinions from others in the WG with an operational
> interest in the DNSSEC root trust anchor.

It documents a procedure we implemented, and a stable reference would be a good thing.

> Does this document meet a need you have? If so, how well does it meet
> the need, and what would it take (if anything) for the document to
> meet that need more effectively?

Unbound implements the draft in open source, in its own command-line tool 'unbound-anchor'. It combines a compiled-in root-anchor, with RFC5011 rollover and this draft. At the first start it has failover from the initial anchor to the next option, and this draft is the fallback. On subsequent invocations it keeps state, a rolling anchor that it keeps track of. If RFC5011 tracking fails, it uses this draft to fetch the xml file with the new key. The tool is organisation-agnostic and can also be configured to perform the same mechanics in another environment (e.g. test environments).

Best regards, Wouter
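
The fallback step described in the quoted message (fetch the XML file with the new key when RFC5011 tracking fails) ends with a consumer deciding which published key digests to trust. The following is an added example, not code from Unbound or from the draft's authors: it selects the key digests that are valid at a given time and renders them as DS records. The element and attribute names are assumed to follow the draft's XML layout, the sample file is constructed with placeholder key tags and digests, and the file is assumed to have had its signature verified before it is parsed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

HEX = set("0123456789ABCDEF")

# Constructed sample; key tags and digests are placeholders, not real root keys.
SAMPLE_XML = """<TrustAnchor id="EXAMPLE" source="http://example.invalid/root-anchors.xml">
  <Zone>.</Zone>
  <KeyDigest id="K1" validFrom="2010-07-15T00:00:00+00:00" validUntil="2019-01-11T00:00:00+00:00">
    <KeyTag>11111</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
    <Digest>{old}</Digest>
  </KeyDigest>
  <KeyDigest id="K2" validFrom="2017-02-02T00:00:00+00:00">
    <KeyTag>22222</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
    <Digest>{new}</Digest>
  </KeyDigest>
  <KeyDigest id="K3" validFrom="2017-02-02T00:00:00+00:00">
    <KeyTag>33333</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
    <Digest>not-hex</Digest>
  </KeyDigest>
</TrustAnchor>""".format(old="AA" * 32, new="BB" * 32)

def _when(value):
    """Parse an ISO 8601 timestamp attribute; None when the attribute is absent."""
    return datetime.fromisoformat(value) if value else None

def valid_anchors(xml_text, now):
    """Return DS records for key digests whose validity window contains `now`."""
    root = ET.fromstring(xml_text)
    if root.tag != "TrustAnchor":
        raise ValueError("not a trust anchor document")
    zone = root.findtext("Zone", "").strip()
    records = []
    for kd in root.findall("KeyDigest"):
        start, end = _when(kd.get("validFrom")), _when(kd.get("validUntil"))
        if start is None or now < start or (end is not None and now >= end):
            continue  # not yet valid, or already withdrawn
        digest = kd.findtext("Digest", "").strip().upper()
        fields = [kd.findtext(n, "").strip() for n in ("KeyTag", "Algorithm", "DigestType")]
        if not all(f.isdigit() for f in fields):
            continue  # malformed numeric field
        if fields[2] != "2" or len(digest) != 64 or set(digest) - HEX:
            continue  # accept only well-formed SHA-256 digests
        records.append(f"{zone} IN DS {' '.join(fields)} {digest}")
    if not records:
        raise ValueError("no usable trust anchor; keep the existing one")
    return records

if __name__ == "__main__":
    print("\n".join(valid_anchors(SAMPLE_XML, datetime.now(timezone.utc))))
```

The function fails closed: if no digest is both in its validity window and well formed, it raises instead of returning an empty set that a caller might install as the new anchor.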