Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-dnssec-dps-framework-08

[Russ Housley <housley@vigilsec.com>]

Joe:

I think you missed my point.  In a PKI, when the issuer significantly changes the policy, subsequent certificates have a different policy identifier.  I do not see a similar concept here.

Russ


On Jul 16, 2012, at 6:33 PM, Joe Abley wrote:

> Hi Russ,
> 
> On 2012-07-15, at 11:39, Russ Housley wrote:
> 
>> Peter:
>> 
>> Thanks for the review.  I've not read this document yet, but you review raises a question in my mind.
>> 
>> If a DNSSEC policy or practice statement is revised or amended, what actions are needed make other aware of the change?
> 
> Each DPS contains these kinds of details. Guidance for how to write the corresponding DPS sections is included in this draft:
> 
> 4.2.  Publication and repositories
> 
>   The component describes the requirements for an entity to publish
>   information regarding its practices, public keys, the current status
>   of such keys together with details relating to the repositories in
>   which the information is held.  This may include the responsibilities
>   of publishing the DPS and of identifying documents that are not made
>   publicly available owing to their sensitive nature, e.g. security
>   controls, clearance procedures, or business information.
> 
> 4.2.1.  Repositories
> 
>   This subcomponent describes the repository mechanisms used for making
>   information available to the stakeholders, and may include:
> 
>   o  The locations of the repositories and the means by which they may
>      be accessed;
> 
>   o  An identification of the entity or entities that operate
>      repositories, such as a zone operator or a TLD Manager;
> 
>   o  Access control on published information objects.
> 
>   o  Any notification services which may be subscribed to by the
>      stakeholders;
> 
> 
> Joe
>