Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

Richard Lamb <richard.lamb@icann.org> Mon, 05 October 2015 16:00 UTC

From: Richard Lamb <richard.lamb@icann.org>
To: George Michaelson <ggm@algebras.org>, Joe Abley <jabley@hopcount.ca>
Date: Mon, 05 Oct 2015 15:58:13 +0000
Message-ID: <afb891d208a34bd4911f85c03495b211@PMBX112-W1-CA-1.PEXCH112.ICANN.ORG>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/XRvAbrKd01f6FtGVNx7FW8z95Fg>
Cc: dnsop WG <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>

Sheesh.. I thought we were talking about engineering issues.

Speaking only as the humble engineer who helped develop the publication methods and wrote the software that generates all the pieces, the most recent draft does describe what my programs, scripts, and other pieces do. If there is any technical variance, please let me know; I don't pretend to be perfect. I run another copy of some of the pieces on my KSK rollover test setup now, so I'd like to know.

I have no opinion regarding the more abstract discussion regarding where such a description belongs and look to learn from those better versed in that subject.

-Rick



From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of George Michaelson
Sent: Monday, October 5, 2015 8:07 AM
To: Joe Abley <jabley@hopcount.ca>
Cc: dnsop WG <dnsop@ietf.org>; Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

If it's on the internet, it's not out of band.

On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley <jabley@hopcount.ca> wrote:


On 5 Oct 2015, at 10:42, George Michaelson wrote:

> Something very left field for me, but I believe important, is that we need
> to also publish the out-of-band publication point of the trust material.

This draft is exclusively concerned with publishing trust anchors out-of-band of the protocol.

> I mentioned this to Joe some time ago and was very correctly told "out of
> scope" but I believe it's nonsensical to exclude physical publication, e.g. in
> newspapers of record for at least 3 economies worldwide, of the hash of the
> public key as a standing event.

This draft aims to document current practice. To my knowledge, nobody has ever published a trust anchor (or even a pointer to it) in print media.

> In-band only has some issues for me, if we are talking about trust.

Me too, hence the decision by ICANN to publish trust anchors using out-of-band mechanisms in 2009/2010, as this draft aims to document.


Joe