[DNSOP] Fwd: New Version Notification for draft-pounsett-transferring-automated-dnssec-zones-01.txt
Matthew Pounsett <matt@conundrum.com> Tue, 02 August 2016 13:38 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1dnFo229f64URzO7hiKaof0PCfU>
Hello all.

I've submitted the following draft which I'd like the working group to eventually consider for adoption. I got some good feedback privately at Berlin, but it may still need another version before a Call For Adoption happens.

In addition to whatever issues people notice themselves, there are some specific things I'd like to get feedback on.

First, while this draft doesn't change anything in 6781, I believe it represents new operational experience that should be added to 6781. With the increase in gTLDs and the corresponding explosion in the number of operators I believe that the number of transfers between registries will grow, and easily-found operational advice to inexperienced operators will be essential. I think this justifies the "modifies" meta-data, but I can see how some may disagree. I'd like to get the feeling of the group on that.

Second, the draft as it currently stands follows the style of 6781 in that it doesn't spell out TTL waits between steps in the operator change procedure, and leaves it as an exercise for the reader to incorporate information from the key roll sections of 6781. I'm of two minds on this, and think it may be useful to spell out the details of the operator change procedure even though a thorough reading of the key roll procedures could provide the necessary information.

Finally, I don't believe this draft raises any *new* security considerations, so I've done my best to incorporate by reference the security considerations from 6781. I'd like to know your thoughts on this as well.

Thanks for your time,
Matt

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: 2 August 2016 at 09:22
Subject: New Version Notification for draft-pounsett-transferring-automated-dnssec-zones-01.txt
To: Matthew Pounsett <matt@conundrum.com>

A new version of I-D, draft-pounsett-transferring-automated-dnssec-zones-01.txt has been successfully submitted by Matthew Pounsett and posted to the IETF repository.

Name: draft-pounsett-transferring-automated-dnssec-zones
Revision: 01
Title: Change of Operator Procedures for Automatically Published DNSSEC Zones
Document date: 2016-08-02
Group: Individual Submission
Pages: 6
URL: https://www.ietf.org/internet-drafts/draft-pounsett-transferring-automated-dnssec-zones-01.txt
Status: https://datatracker.ietf.org/doc/draft-pounsett-transferring-automated-dnssec-zones/
Htmlized: https://tools.ietf.org/html/draft-pounsett-transferring-automated-dnssec-zones-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-pounsett-transferring-automated-dnssec-zones-01

Abstract:
Section 4.3.5.1 of [RFC6781] "DNSSEC Operational Practices, version 2" describes a procedure for transitioning a DNSSEC signed zone from one (cooperative) operator to another. The procedure works well in many situations, but makes the assumption that it is feasible for the two operators to simultaneously publish slightly different versions of the zone being transferred. In some cases, such as with TLD registries, operational considerations require both operators to publish identical versions of the zone for the duration of the transition. This document describes a modified transition procedure which can be used in these cases.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat