Re: [DNSOP] what i said at the mic (re: dnssec-key-timing)
Jelte Jansen <jelte@isc.org> Tue, 17 November 2009 20:44 UTC
Return-Path: <jelte@isc.org>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8CD563A6989 for <dnsop@core3.amsl.com>; Tue, 17 Nov 2009 12:44:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.288
X-Spam-Level:
X-Spam-Status: No, score=-2.288 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H36mAWgUI7Su for <dnsop@core3.amsl.com>; Tue, 17 Nov 2009 12:44:41 -0800 (PST)
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) by core3.amsl.com (Postfix) with ESMTP id 851B53A67A1 for <dnsop@ietf.org>; Tue, 17 Nov 2009 12:44:41 -0800 (PST)
Received: from [192.168.8.11] (vhe-520087.sshn.net [195.169.221.157]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id 33C9EE6026; Tue, 17 Nov 2009 20:44:38 +0000 (UTC) (envelope-from jelte@isc.org)
Message-ID: <4B030AD1.6090607@isc.org>
Date: Tue, 17 Nov 2009 21:42:57 +0100
From: Jelte Jansen <jelte@isc.org>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Johan Ihren <johani@autonomica.se>
References: <4AFA7912.5040205@isc.org> <A796966D-5CCA-4E64-96BD-21BCB50EF550@autonomica.se>
In-Reply-To: <A796966D-5CCA-4E64-96BD-21BCB50EF550@autonomica.se>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] what i said at the mic (re: dnssec-key-timing)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2009 20:44:42 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Johan Ihren wrote: > > I don't remember exactly what I said, but what I meant was not that > "double signature" is sufficient to accomplish an algorithm rollover, > only that it was needed as part of one. So I think you and I agree hee. > I think so too, mostly :) I would dub what I proposed for algorithm rollovers 'reverse double signature' >> (btw i agree with olaf that some form of collaboration between these >> documents >> might be nice) > > Of course there will be, although I'm still skeptical about circular > dependencies. > Of course, though i rather see a circular dependency than an inter-rfc inconsistency. I was thinking more of collaborative documents :) > > This falls down into the question about whether to cover all the > rollover "methods" or make a recommendation and only cover that > alternative. My take away from the WG was that the key timing doc should > not make recommendations, but describe all the alternatives. > Well, since I am the proud owner of the humble opinion that algorithm rollover requires a substantially different method, I would personally like to see that method covered as well. >> I think a reference to 4641bis and a scheme to match the text there >> would be nice > > My primary issue with that is that as soon as we refer to 4641bis there > is a circular dependency and then the two documents must be published > together. My secondary issue is that I maintain my position that the key > timing document is "theory" while 4641bis is "practice". Therefore, as > the key timing document covers a more narrow topic in greater depth, > there is just no way to avoid references from 4641bis to us. > Ah, now there may lie the (a?) problem. I was thinking of 4641bis as the defining rfc (ie. what to do), and key timing as a mathematical description of (some of) the methods mentioned in the former (ie. how to do it). Jelte -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksDCtEACgkQ4nZCKsdOncVzlACgnpChOSLEoQ5jeIzbOVWRusEY GIEAoKKi9RxVxbFHoo56IEoT68jZxT5Q =ZVam -----END PGP SIGNATURE-----
- [DNSOP] what i said at the mic (re: dnssec-key-ti… Jelte Jansen
- Re: [DNSOP] what i said at the mic (re: dnssec-ke… Johan Ihren
- Re: [DNSOP] what i said at the mic (re: dnssec-ke… Alfred Hönes
- Re: [DNSOP] what i said at the mic (re: dnssec-ke… Jelte Jansen