Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
Richard Lamb <richard.lamb@icann.org> Mon, 05 October 2015 16:00 UTC
Return-Path: <richard.lamb@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72CD41B3209 for <dnsop@ietfa.amsl.com>; Mon, 5 Oct 2015 09:00:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.43
X-Spam-Level:
X-Spam-Status: No, score=-3.43 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.779, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FCZzS2fcpKrK for <dnsop@ietfa.amsl.com>; Mon, 5 Oct 2015 09:00:14 -0700 (PDT)
Received: from out.west.pexch112.icann.org (pfe112-ca-1.pexch112.icann.org [64.78.40.7]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68F191B31E2 for <dnsop@ietf.org>; Mon, 5 Oct 2015 08:58:16 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) with Microsoft SMTP Server (TLS) id 15.0.1044.25; Mon, 5 Oct 2015 08:58:13 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1044.021; Mon, 5 Oct 2015 08:58:13 -0700
From: Richard Lamb <richard.lamb@icann.org>
To: George Michaelson <ggm@algebras.org>, Joe Abley <jabley@hopcount.ca>
Thread-Topic: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
Thread-Index: AQHQ+uOs5dFmRxFvI0qeZhMj8Aqbjp5Y2ToAgANDioCAAAdjgIABNFYAgAAE+gCAAAaUgIAAAe8AgAADvgCAAAYKgIAAB/mAgAADd4CAAAM3gP//lAhA
Date: Mon, 05 Oct 2015 15:58:13 +0000
Message-ID: <afb891d208a34bd4911f85c03495b211@PMBX112-W1-CA-1.PEXCH112.ICANN.ORG>
References: <20150928114202.823.19868.idtracker@ietfa.amsl.com> <0E4AA958-7740-4602-A3CF-D2E481DBC15E@hopcount.ca> <20150928155325.GA63874@gaon.net> <20150929095301.32c3e6a3@casual> <13F1D87F-1C07-40EB-86B0-564C4109C9B0@virtualized.org> <1973252D-924F-4EF1-A38F-5EC01AD331F6@gmail.com> <FDD04DCC-59C5-41F5-8CAF-1EF31CD65A34@virtualized.org> <63E1E01E-C172-4A0F-B434-F796546BB657@gmail.com> <C4FA9FA6-76E3-4FF3-862B-C5C0DF75C761@kirei.se> <D1C15986-603E-4932-B551-0497638D9849@vpnc.org> <02869F43-87A4-4797-8FD3-276C02DF665D@kirei.se> <EEA946B1-8BF3-4AB7-99D2-4C8CDCCF0EC0@vpnc.org> <F412CE02-C0BA-425E-BBF9-3A40B2B5FEA7@vpnc.org> <9F52E6FC-E503-4E3A-9998-363BF514CC1A@hopcount.ca> <CAKr6gn2HG9apg9Kz9wAk-mhyCFFXKk_ZthfwdMaU+daULarhsg@mail.gmail.com> <93B4F751-C7EA-4081-A1B6-1AB9FCED4340@hopcount.ca> <CAKr6gn3MgO1m4--cwRo9LSAUDJ7cmbPMy4jYzX55=3z3U_UnkQ@mail.gmail.com>
In-Reply-To: <CAKr6gn3MgO1m4--cwRo9LSAUDJ7cmbPMy4jYzX55=3z3U_UnkQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.32.234]
Content-Type: multipart/alternative; boundary="_000_afb891d208a34bd4911f85c03495b211PMBX112W1CA1PEXCH112ICA_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/XRvAbrKd01f6FtGVNx7FW8z95Fg>
Cc: dnsop WG <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 16:00:16 -0000
Sheesh..I thought we were talking about engineering issues. Speaking only as the humble engineer who helped develop the publication methods and wrote the software that generates all the pieces, the most recent draft does describe what my programs, scripts, and other pieces do. If there is any technical variance, please let me know I don’t pretend to be perfect. I run another copy of some of the pieces on my KSK rollover test setup now, so id like to know. I have no opinion regarding the more abstract discussion regarding where such a description belongs and look to learn from those better versed in that subject. -Rick From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of George Michaelson Sent: Monday, October 5, 2015 8:07 AM To: Joe Abley <jabley@hopcount.ca> Cc: dnsop WG <dnsop@ietf.org>; Paul Hoffman <paul.hoffman@vpnc.org> Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt> If its on the internet, its not out of band. On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley <jabley@hopcount.ca<mailto:jabley@hopcount.ca>> wrote: On 5 Oct 2015, at 10:42, George Michaelson wrote: > Something very left field for me, but I believe important, is that we need > to also publish the out-of-band publication point of the trust material. This draft is exclusively concerned with publishing trust anchors out-of-band of the protocol. > I mentioned this to Joe some time ago and was very correctly told "out of > scope" but I believe its nonsensical to exclude physical publication, eg in > newspapers of record for at least 3 economies worldwide, of the hash of the > public key as a standing event. This draft aims to document current practice. To my knowledge, nobody has ever published a trust anchor (or even a pointer to it) in print media. > In-band only has some issues for me, if we are talking about trust. Me too, hence the decision by ICANN to publish trust anchors using out-of-band mechanisms in 2009/2010, as this draft aims to document. Joe
- [DNSOP] Fwd: Expiration impending: <draft-jabley-… Joe Abley
- Re: [DNSOP] Fwd: Expiration impending: <draft-jab… Shane Kerr
- Re: [DNSOP] Fwd: Expiration impending: <draft-jab… Andras Salamon
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Fwd: Expiration impending: <draft-jab… Shane Kerr
- Re: [DNSOP] Expiration impending: <draft-jabley-d… David Conrad
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… David Conrad
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… David Conrad
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Jakob Schlyter
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Jakob Schlyter
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Tim Wicinski
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… George Michaelson
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… George Michaelson
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Richard Lamb
- Re: [DNSOP] Expiration impending: <draft-jabley-d… George Michaelson
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Edward Lewis
- Re: [DNSOP] Expiration impending: <draft-jabley-d… manning
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Mark Andrews
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Ralf Weber
- Re: [DNSOP] Expiration impending: <draft-jabley-d… manning
- Re: [DNSOP] Expiration impending: <draft-jabley-d… W.C.A. Wijngaards
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Andrew Sullivan
- Re: [DNSOP] Expiration impending: <draft-jabley-d… David Conrad
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Andrew Sullivan
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Paul Hoffman
- Re: [DNSOP] Expiration impending: <draft-jabley-d… manning
- Re: [DNSOP] Expiration impending: <draft-jabley-d… John Levine
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… David Conrad
- Re: [DNSOP] Expiration impending: <draft-jabley-d… manning
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… manning
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Joe Abley
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Andrew Sullivan
- [DNSOP] Pity (was Re: Expiration impending: <draf… Andrew Sullivan
- Re: [DNSOP] Pity (was Re: Expiration impending: <… Paul Vixie
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Suzanne Woolf
- Re: [DNSOP] Pity (was Re: Expiration impending: <… Suzanne Woolf
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Richard Lamb
- Re: [DNSOP] Expiration impending: <draft-jabley-d… Mehmet Akcin