Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-multi-provider-dnssec

[Frederico A C Neves <fneves@registro.br>]

Shane,

On Wed, Nov 20, 2019 at 04:52:22PM +0100, Shane Kerr wrote:
> Benno and all,
> 
> Overall the document is clear and I hope helpful to organizations 
> pursuing a multi-DNS vendor setup who want to use DNSSEC (as all do, I 
> am sure).
> 
> One minor thing I noticed while looking through the document. It 
> mentions the Brazilian ccTLD as background why using a liberal rollover 
> is workable:
> 
>    In fact, testing by the .BR Top Level
>    domain for their recent algorithm rollover [BR-ROLLOVER],
>    demonstrates that the liberal approach does in fact work with current
>    resolvers deployed on the Internet.
> 
> However, the BR-ROLLOVER reference is to a presentation which discusses 
> the plans to try a liberal rollover in Brazil, but doesn't actually 
> claim that it works. Was there further published research that can 
> support this idea?

There is a presentation I gave at ICANN-63 with the rollover report.

 * ICANN 63 - Oct/2018                                                                                                  https://static.ptbl.co/static/attachments/191746/1540217948.pdf                                                         
 Audio (English): starting at 57min50s                                                                                  http://audio.icann.org/meetings/bcn63/bcn63-OPEN-2018-10-24-T0636-113-en-DNSSEC-Workshop-1-of--3.m3u 

This was previously reported at dns-operations,

https://lists.dns-oarc.net/pipermail/dns-operations/2018-October/018029.html

Besides of this I think there may be already published references of
this on works of Moritz Muller and Taejoong Chung. They greatly helped
us with the monitoring of the rollover.

> 
> Cheers,
> 
> --
> Shane
> 

Fred