[dnsop] draft-ietf-dnsop-key-rollover-requirements-01.txt

Miek Gieben <miekg@atoom.net> Thu, 07 October 2004 12:56 UTC

Date: Thu, 07 Oct 2004 12:14:59 +0200
From: Miek Gieben <miekg@atoom.net>
To: dnsop <dnsop@lists.uoregon.edu>
Subject: [dnsop] draft-ietf-dnsop-key-rollover-requirements-01.txt
Message-ID: <20041007101459.GA773@atoom.net>

Hello,

I've read this draft again, and I still have trouble seeing what it
is trying to say.

Olaf and I have incorporated some text from this draft into our operational
practices document (with consent from Gilles). This has led to the following
paragraph being included:

3.3.4  Automated Key Rollovers

   As keys must be renewed periodically, there is some motivation to
   automate the rollover process.

   o  ZSK rollovers are easy to automate as only the local zone is
      involved.
   o  A KSK rollover needs interaction between the parent and child.
      Data exchange is needed to provide the new keys to the parent,
      consequently, this data must be authenticated and integrity must
      be guaranteed in order to avoid attacks on the rollover.
   o  All time and TTL considerations presented in Section 3.3 apply to
      an automated rollover.


With this text being added here (and credits being given of course), what should
happen with the draft-ietf-dnsop-key-rollover-requirements-01.txt?

grtz,
--Miek