Re: [DNSOP] I-D Action:draft-ietf-dnsop-dnssec-trust-history-02.txt
"W.C.A. Wijngaards" <wouter@NLnetLabs.nl> Tue, 29 June 2010 14:29 UTC
Return-Path: <wouter@nlnetlabs.nl>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D65B53A6850 for <dnsop@core3.amsl.com>; Tue, 29 Jun 2010 07:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.95
X-Spam-Level:
X-Spam-Status: No, score=-1.95 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4HR1nL5e42d for <dnsop@core3.amsl.com>; Tue, 29 Jun 2010 07:29:32 -0700 (PDT)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by core3.amsl.com (Postfix) with ESMTP id 250623A6A58 for <dnsop@ietf.org>; Tue, 29 Jun 2010 07:29:31 -0700 (PDT)
Received: from gary.nlnetlabs.nl (gary.nlnetlabs.nl [IPv6:2001:7b8:206:1:216:76ff:feb8:1853]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.3/8.14.3) with ESMTP id o5TETftx068694 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Tue, 29 Jun 2010 16:29:41 +0200 (CEST) (envelope-from wouter@nlnetlabs.nl)
Message-ID: <4C2A0355.8000103@nlnetlabs.nl>
Date: Tue, 29 Jun 2010 16:29:41 +0200
From: "W.C.A. Wijngaards" <wouter@NLnetLabs.nl>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.10) Gecko/20100621 Fedora/3.0.5-1.fc13 Thunderbird/3.0.5
MIME-Version: 1.0
To: dnsop@ietf.org
References: <20100629133009.CBCB63A6A65@core3.amsl.com>
In-Reply-To: <20100629133009.CBCB63A6A65@core3.amsl.com>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]); Tue, 29 Jun 2010 16:29:41 +0200 (CEST)
Subject: Re: [DNSOP] I-D Action:draft-ietf-dnsop-dnssec-trust-history-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2010 14:29:33 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi DnsOP WG, As you saw announced, a new version of the trust history draft. Includes new sections (thanks Andrew Sullivan!) that explain why exactly these old keys, expired signatures, and revoked flags are useful and proper. The algorithm is mostly the same with minor nits, but the explanation for deployment has increased significantly. I would appreciate review of the working group, as I feel the algorithm is pretty much done, and if the considerations for usage can be shown then the draft can progress and help the soon-to-be-signed domains :-) . Handy link to the superb tools page with diff http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-trust-history-02 Best regards, Wouter On 06/29/2010 03:30 PM, Internet-Drafts@ietf.org wrote: > Title : DNSSEC Trust Anchor History Service > Author(s) : W. Wijngaards, O. Kolkman > Filename : draft-ietf-dnsop-dnssec-trust-history-02.txt > Pages : 11 > Date : 2010-06-29 > > When DNS validators have trusted keys, but have been offline for a > longer period, key rollover will fail and they are stuck with stale > trust anchors. History service allows validators to query for older > DNSKEY RRsets and pick up the rollover trail where they left off. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dnssec-trust-history-02.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkwqA1UACgkQkDLqNwOhpPhIsACgnlanL5cHD+a8hpM/WxR4nGyD BPsAnj3TVrD2u1HRBZaCpMayggbIm7cQ =VLBl -----END PGP SIGNATURE-----
- [DNSOP] I-D Action:draft-ietf-dnsop-dnssec-trust-… Internet-Drafts
- Re: [DNSOP] I-D Action:draft-ietf-dnsop-dnssec-tr… W.C.A. Wijngaards