Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 112791276AF
 for <dnsop@ietfa.amsl.com>; Fri,  4 Aug 2017 15:08:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.741
X-Spam-Level: 
X-Spam-Status: No, score=-2.741 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RDNS_NONE=0.793,
 SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 1PTEH5g8oTh1 for <dnsop@ietfa.amsl.com>;
 Fri,  4 Aug 2017 15:08:29 -0700 (PDT)
Received: from mail.hardakers.net (unknown [168.150.236.43])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 0C29012708C
 for <dnsop@ietf.org>; Fri,  4 Aug 2017 15:08:29 -0700 (PDT)
Received: from localhost (50-1-20-198.dsl.static.fusionbroadband.com
 [50.1.20.198])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.hardakers.net (Postfix) with ESMTPSA id 0351A2778E;
 Fri,  4 Aug 2017 15:08:26 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: dnsop@ietf.org
References: <ybl4luqq05v.fsf@w7.hardakers.net>
 <7d425067-84ff-2471-d39a-0c3a20c0116c@pletterpet.nl>
Date: Fri, 04 Aug 2017 15:08:25 -0700
In-Reply-To: <7d425067-84ff-2471-d39a-0c3a20c0116c@pletterpet.nl> (Matthijs
 Mekking's message of "Thu, 20 Jul 2017 14:34:56 +0200")
Message-ID: <yblh8xn9eau.fsf@wu.hardakers.net>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0zefHOC5kEj-aV7FlvzueSdBsEw>
Subject: Re: [DNSOP] requesting WGLC for 5011-security-considerations
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>,
 <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>,
 <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2017 22:08:31 -0000

Matthijs Mekking <matthijs@pletterpet.nl> writes:

> It's been a while since I have had a look at this draft, my apologies.

No worries; I'm due to publish the copy that is sitting on my disk with
updates to the math.  So *my* apologies in return.

(and the update should be a bit easier to read too)

I'll review your math proposal before publishing.  I'm not sure we agree
with your analysis yet, but will consider it carefully.

> Furthermore, this document should also give guidance on the wait time
> before a revoked DNSKEY can be removed from the zone:

(which is also in the unpublished update)

> This document should probably update RFC 7583 because it is giving a
> better definition of Itrp and Irev.

Probably true too.  Thanks for pointing that out.  I'll be honest, I've
always had a hard time reading 7583 because the acronyms fly fast a
furious and it's hard to remember which is which.

-- 
Wes Hardaker
USC/ISI