[DNSOP] Fwd: New Version Notification for draft-pounsett-transferring-automated-dnssec-zones-01.txt

Matthew Pounsett <matt@conundrum.com> Tue, 02 August 2016 13:38 UTC

Return-Path: <matt@conundrum.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14B4112D59B for <dnsop@ietfa.amsl.com>; Tue, 2 Aug 2016 06:38:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conundrum-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0OGGz1m50xq for <dnsop@ietfa.amsl.com>; Tue, 2 Aug 2016 06:38:16 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45AAB12D606 for <dnsop@ietf.org>; Tue, 2 Aug 2016 06:38:15 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id s63so174782332qkb.2 for <dnsop@ietf.org>; Tue, 02 Aug 2016 06:38:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conundrum-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=+/trVL4cMqu7q/wWP1yGZSZveeNrV7ooYPHNLZU21BQ=; b=qgTIa126phInOtr9BNZRB2VBUKwJjVhGTkn49BPKawSRLjrF80jCBHbb+8JfMlBwik h/pLj75e4Z3+C/oZM77AjATEFKuN5E1yqPK/EBUEmTW6iogxvhG0CYDop8vZbRzZ0rfM 9a14tfRlScgv1gFgijYIpwwed9E3EHhTvGyvkPi6+bqktzCqjCZNgkEVK3/N3UUcyn4E 6xMmFzpeCL507BIs0YINeeUyCcgJe1Wsymn8QdY6zVVfQYr8zb0injChKdik7gWpUhIY 8Bzrc9X7mWyw1oP+jUtYGFXhayKSJoj5yFkZwuAhPx4LOfVR0AntFo65fowsjYfXXLyv lo+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=+/trVL4cMqu7q/wWP1yGZSZveeNrV7ooYPHNLZU21BQ=; b=lDjx5frYVK5/hxnrOFVSKcshYmqtOtYvn/bVYJVhViaCPAQOluyI2mc2KiXiFwL81R bg2E2ua4wP40lKOaiHGhKdM+CiK5piYZPNJugsrHhrKbuxQM2qhkJaOner22vsT55hFx tJujqWSrviVUU5Rj0X7t9wCmR9dGc7OsfWSzisz8EtuuTSmS3tCQm4B0aHJ1eeGVd6o4 t1zLl+FPSfYSSBfZZ1Sv3DRH7CzXJK/US5e+S+EGygKy2gsCJew7WQd4urzlW2bCUWZI zFWh+iLeEtPW1BwuOnAqRQzPFIr45jJ6puyiAsI8x5CAdguLzEQqJtpXh+YHA85MVBSZ dOOg==
X-Gm-Message-State: AEkooutFdwxKJLhrMTxGmDyNwp31PqDLX56W98L5tSMmdAbOLWfJT8kidOjgsvoxoOdOB8QDYqsd8z7pLnsAJQ==
X-Received: by 10.55.160.70 with SMTP id j67mr10813164qke.108.1470145094174; Tue, 02 Aug 2016 06:38:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.46.194 with HTTP; Tue, 2 Aug 2016 06:38:13 -0700 (PDT)
X-Originating-IP: [192.0.221.246]
In-Reply-To: <20160802132253.27847.43026.idtracker@ietfa.amsl.com>
References: <20160802132253.27847.43026.idtracker@ietfa.amsl.com>
From: Matthew Pounsett <matt@conundrum.com>
Date: Tue, 02 Aug 2016 09:38:13 -0400
Message-ID: <CAAiTEH9JL_abU_JDyiyqSYdQUv-=L+VDyix5A36_vK65i7UUuw@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c06e8401b7bed053916d413"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1dnFo229f64URzO7hiKaof0PCfU>
Subject: [DNSOP] Fwd: New Version Notification for draft-pounsett-transferring-automated-dnssec-zones-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2016 13:38:18 -0000

Hello all.

I've submitted the following draft which I'd like the working group to
eventually consider for adoption.  I got some good feedback privately at
Berlin, but it may still need another version before a Call For Adoption
happens.  In addition to whatever issues people notice themselves, there
are some specific things I'd like to get feedback on.

First, while this draft doesn't change anything in 6781, I believe it
represents new operational experience that should be added to 6781.  With
the increase in gTLDs and the corresponding explosion in the number of
operators I believe that the number of transfers between registries will
grow, and easily-found operational advice to inexperienced operators will
be essential.  I think this justifies the "modifies" meta-data, but I can
see how some may disagree.  I'd like to get the feeling of the group on
that.

Second, the draft as it currently stands follows the style of 6781 in that
it doesn't spell out TTL waits between steps in the operator change
procedure, and leaves it as an exercise for the reader to incorporate
information from the key roll sections of 6781.  I'm of two minds on this,
and think it may be useful to spell out the details of the operator change
procedure even though a thorough reading of the key roll procedures could
provide the necessary information.

Finally, I don't believe this draft raises any *new* security
considerations, so I've done my best to incorporate by reference the
security considerations from 6781.  I'd like to know your thoughts on this
as well.

Thanks for your time,
    Matt

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: 2 August 2016 at 09:22
Subject: New Version Notification for
draft-pounsett-transferring-automated-dnssec-zones-01.txt
To: Matthew Pounsett <matt@conundrum.com>



A new version of I-D,
draft-pounsett-transferring-automated-dnssec-zones-01.txt
has been successfully submitted by Matthew Pounsett and posted to the
IETF repository.

Name:           draft-pounsett-transferring-automated-dnssec-zones
Revision:       01
Title:          Change of Operator Procedures for Automatically Published
DNSSEC Zones
Document date:  2016-08-02
Group:          Individual Submission
Pages:          6
URL:
https://www.ietf.org/internet-drafts/draft-pounsett-transferring-automated-dnssec-zones-01.txt
Status:
https://datatracker.ietf.org/doc/draft-pounsett-transferring-automated-dnssec-zones/
Htmlized:
https://tools.ietf.org/html/draft-pounsett-transferring-automated-dnssec-zones-01
Diff:
https://www.ietf.org/rfcdiff?url2=draft-pounsett-transferring-automated-dnssec-zones-01

Abstract:
   Section 4.3.5.1 of [RFC6781] "DNSSEC Operational Practices, version
   2" describes a procedure for transitioning a DNSSEC signed zone from
   one (cooperative) operator to another.  The procedure works well in
   many situations, but makes the assumption that it is feasible for the
   two operators to simultaneously publish slightly different versions
   of the zone being transferred.  In some cases, such as with TLD
   registries, operational considerations require both operators to
   publish identical versions of the zone for the duration of the
   transition.  This document describes a modified transition procedure
   which can be used in these cases.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat