Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt>

Mehmet Akcin <mehmet@akcin.net> Sat, 31 October 2015 18:45 UTC

To: Richard Lamb <richard.lamb@icann.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/nfdyNEeDKgMgGlSyO75vnIIMlss>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>

This is a good suggestion. I support it.

Mehmet

On Saturday, October 31, 2015, Richard Lamb <richard.lamb@icann.org> wrote:

> Given that there are at least three implementations based on this draft in
> widespread use, IMHO, I believe this draft should move forward as is.  As
> mentioned below, a stable reference would be useful for implementers like
> myself. -Rick
>
>
> -----Original Message-----
> From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of
> W.C.A. Wijngaards
> Sent: Tuesday, October 6, 2015 1:53 AM
> To: dnsop@ietf.org
> Subject: Re: [DNSOP] Expiration impending:
> <draft-jabley-dnssec-trust-anchor-11.txt>
>
> Hi,
>
> On 05/10/15 23:42, Suzanne Woolf wrote:
> > All,
> >
> > First, thanks to the engaging on this.
> >
> > On Oct 5, 2015, at 5:20 PM, "Joe Abley" <jabley@hopcount.ca> wrote:
> >>
> >> Perhaps it's time to sit back and wait for others here to express an
> >> opinion.
> >
> > I'd like to hear opinions from others in the WG with an operational
> > interest in the DNSSEC root trust anchor.
>
> It documents a procedure we implemented, and a stable reference would be a
> good thing.
>
> > Does this document meet a need you have? If so, how well does it meet
> > the need, and what would it take (if anything) for the document to
> > meet that need more effectively?
>
> Unbound implements the draft in open source, in its own command-line tool
> 'unbound-anchor'.  It combines a compiled-in root-anchor, with
> RFC5011 rollover and this draft.  At the first start it has failover
> from the initial anchor to the next option, and this draft is the
> fallback.  On subsequent invocations it keeps state, a rolling anchor that
> it keeps track of.  If RFC5011 tracking fails, it uses this draft to fetch
> the xml file with the new key.  The tool is organisation-agnostic and can
> also be configured to perform the same mechanics in another environment
> (e.g. test environments).
>
> Best regards, Wouter
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
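
The fallback step described in the quoted message, fetching the XML file with the new key, ends with a resolver deciding which published key digests it may trust right now. The following is an added example, not code from unbound-anchor or from any poster in this thread: it parses a trust anchor document, keeps only the KeyDigest entries whose validity window covers the current time, and fails closed when none qualify. The element and attribute names are an assumption based on the draft's XML format, the sample data is constructed, and the file is assumed to have been fetched and authenticated already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: ids, key tags and digests are placeholders, not real
# root zone values. Element and attribute names are assumed from the draft.
SAMPLE_XML = """
<TrustAnchor id="EXAMPLE" source="http://example.invalid/root-anchors.xml">
  <Zone>.</Zone>
  <KeyDigest id="Kold" validFrom="2005-01-01T00:00:00+00:00" validUntil="2012-01-01T00:00:00+00:00">
    <KeyTag>11111</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType><Digest>{a}</Digest>
  </KeyDigest>
  <KeyDigest id="Kcur" validFrom="2010-07-15T00:00:00+00:00">
    <KeyTag>22222</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType><Digest>{b}</Digest>
  </KeyDigest>
  <KeyDigest id="Knew" validFrom="2017-02-02T00:00:00+00:00">
    <KeyTag>33333</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType><Digest>{c}</Digest>
  </KeyDigest>
</TrustAnchor>
""".format(a="A" * 64, b="B" * 64, c="C" * 64)

DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}  # SHA-1, SHA-256, SHA-384

def active_ds_records(xml_text, now):
    """Return DS records for KeyDigests valid at `now`; raise if none are."""
    root = ET.fromstring(xml_text)
    zone = root.findtext("Zone")
    if root.tag != "TrustAnchor" or not zone:
        raise ValueError("not a trust anchor document")
    records = []
    for kd in root.findall("KeyDigest"):
        until = kd.get("validUntil")
        if now < datetime.fromisoformat(kd.attrib["validFrom"]):
            continue  # published ahead of time, not yet valid
        if until is not None and now >= datetime.fromisoformat(until):
            continue  # retired key, must no longer be trusted
        tag, alg, dtype = (int(kd.findtext(n)) for n in ("KeyTag", "Algorithm", "DigestType"))
        digest = kd.findtext("Digest", "").strip().upper()
        # Reject unknown digest types and digests of the wrong length or alphabet.
        if len(digest) != DIGEST_HEX_LEN.get(dtype) or set(digest) - set("0123456789ABCDEF"):
            raise ValueError(f"malformed digest in KeyDigest {kd.get('id')}")
        records.append(f"{zone} IN DS {tag} {alg} {dtype} {digest}")
    if not records:
        raise ValueError("no trust anchor valid at this time; refusing to continue")
    return records

if __name__ == "__main__":
    for rr in active_ds_records(SAMPLE_XML, datetime(2015, 10, 31, tzinfo=timezone.utc)):
        print(rr)
```

Raising when no entry is valid keeps a bootstrap tool from silently falling back to an unvalidated configuration; the caller decides whether to retry or stop.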