Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

George Michaelson <ggm@algebras.org> Mon, 05 October 2015 16:14 UTC

Date: Mon, 05 Oct 2015 11:06:37 -0500
Message-ID: <CAKr6gn2ExD7GQfPebF1xDbfc1fqxCAEG7O200MgyDq9Ln_w-GA@mail.gmail.com>
From: George Michaelson <ggm@algebras.org>
To: Richard Lamb <richard.lamb@icann.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/4vbSWGJGVlsOa3Dy9zPpxtAdwlk>
Cc: dnsop WG <dnsop@ietf.org>, Joe Abley <jabley@hopcount.ca>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

FWIW I think the document should go ahead, with a pretty minor edit about the
current practice/should stuff. I think it was good to author a document on
what's currently done even if people want other things done.

(I don't mean my other things, I mean other people's other things. One does
not refer to oneself in the third person unless mad)

-G

On Mon, Oct 5, 2015 at 10:58 AM, Richard Lamb <richard.lamb@icann.org>
wrote:

> Sheesh..I thought we were talking about engineering issues.
>
>
>
> Speaking only as the humble engineer who helped develop the publication
> methods and wrote the software that generates all the pieces, the most
> recent draft does describe what my programs, scripts, and other pieces do.
> If there is any technical variance, please let me know. I don’t pretend to
> be perfect.  I run another copy of some of the pieces on my KSK rollover
> test setup now, so I'd like to know.
>
>
>
> I have no opinion regarding the more abstract discussion regarding where
> such a description belongs and look to learn from those better versed in
> that subject.
>
>
>
> -Rick
>
> *From:* DNSOP [mailto:dnsop-bounces@ietf.org] *On Behalf Of *George
> Michaelson
> *Sent:* Monday, October 5, 2015 8:07 AM
> *To:* Joe Abley <jabley@hopcount.ca>
> *Cc:* dnsop WG <dnsop@ietf.org>; Paul Hoffman <paul.hoffman@vpnc.org>
> *Subject:* Re: [DNSOP] Expiration impending:
> <draft-jabley-dnssec-trust-anchor-11.txt>
>
>
>
> If it's on the internet, it's not out of band.
>
>
>
> On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley <jabley@hopcount.ca> wrote:
>
>
>
> On 5 Oct 2015, at 10:42, George Michaelson wrote:
>
> > Something very left field for me, but I believe important, is that we need
> > to also publish the out-of-band publication point of the trust material.
>
> This draft is exclusively concerned with publishing trust anchors
> out-of-band of the protocol.
>
> > I mentioned this to Joe some time ago and was very correctly told "out of
> > scope" but I believe it's nonsensical to exclude physical publication, eg in
> > newspapers of record for at least 3 economies worldwide, of the hash of the
> > public key as a standing event.
>
> This draft aims to document current practice. To my knowledge, nobody has
> ever published a trust anchor (or even a pointer to it) in print media.
>
> > In-band only has some issues for me, if we are talking about trust.
>
> Me too, hence the decision by ICANN to publish trust anchors using
> out-of-band mechanisms in 2009/2010, as this draft aims to document.
>
>
> Joe
>
>
>