Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

"Joe Abley" <jabley@hopcount.ca> Mon, 05 October 2015 21:20 UTC

From: Joe Abley <jabley@hopcount.ca>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Mon, 05 Oct 2015 17:20:54 -0400
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Q9ohD8vAi71pJvYFLLgiiyHIS0o>
Cc: dnsop WG <dnsop@ietf.org>


On 5 Oct 2015, at 17:16, Paul Hoffman wrote:

> On 5 Oct 2015, at 17:00, Joe Abley wrote:
>
>> OK, I agree they are templates.
>>
>> I disagree that it makes sense to publish URLs that refer to just the 
>> key label used by the currently active KSK. That would make this 
>> document inaccurate as soon as a KSK roll occurred, despite the fact 
>> that it aims to document the way that the current and future 
>> successor trust anchors are published.
>
> It sounds like you don't want to limit the document to what many 
> people have asked, namely to document ICANN's current methods for 
> publishing the KSK. That's a fine desire, but it is quite sloppy to 
> conflate the two.

I think we've passed the point of diminishing returns on this point (if 
not this thread).

My perspective remains that the document does exactly what you 
characterise it as not doing. Perhaps it's time to sit back and wait for 
others here to express an opinion.

>> The "key-label" token is intended to be taken from the 
>> root-anchors.xml file, which is cited with a stable URL.
>
> The term "key-label" does not appear in Section 2.1, so there is not 
> even a description of how to fill in the template.

That sounds like a change we could make that would aid clarity. Thanks 
-- we'll review and see what we can do.


Joe