Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-dnssec-dps-framework-08
Russ Housley <housley@vigilsec.com> Tue, 17 July 2012 23:06 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A76721F85C2; Tue, 17 Jul 2012 16:06:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.696
X-Spam-Level:
X-Spam-Status: No, score=-102.696 tagged_above=-999 required=5 tests=[AWL=-0.097, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7mmVLY+fkkT; Tue, 17 Jul 2012 16:05:58 -0700 (PDT)
Received: from odin.smetech.net (mail.smetech.net [208.254.26.82]) by ietfa.amsl.com (Postfix) with ESMTP id CAEE821F85C0; Tue, 17 Jul 2012 16:05:58 -0700 (PDT)
Received: from localhost (unknown [208.254.26.81]) by odin.smetech.net (Postfix) with ESMTP id A41BAF2403F; Tue, 17 Jul 2012 19:07:04 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([208.254.26.82]) by localhost (ronin.smetech.net [208.254.26.81]) (amavisd-new, port 10024) with ESMTP id muoVV8rOdrNG; Tue, 17 Jul 2012 19:06:45 -0400 (EDT)
Received: from [192.168.2.100] (pool-96-255-37-162.washdc.fios.verizon.net [96.255.37.162]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id BCF87F2403D; Tue, 17 Jul 2012 19:07:02 -0400 (EDT)
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-dnssec-dps-framework-08
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <29BF6AF1-3924-42F0-B8BD-1B1250CAECD6@hopcount.ca>
Date: Tue, 17 Jul 2012 19:06:44 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <57D81A5A-B80B-4DC1-87FE-450E91A01A20@vigilsec.com>
References: <003c01cd6225$6f4cab60$4de60220$@akayla.com> <72D7767E-8AE5-4A91-BE2C-4A949997C5CA@vigilsec.com> <29BF6AF1-3924-42F0-B8BD-1B1250CAECD6@hopcount.ca>
To: Joe Abley <jabley@hopcount.ca>
X-Mailer: Apple Mail (2.1084)
Cc: Peter Yee <peter@akayla.com>, gen-art@ietf.org, ietf@ietf.org, draft-ietf-dnsop-dnssec-dps-framework.all@tools.ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 23:06:00 -0000
Joe: I think you missed my point. In a PKI, when the issuer significantly changes the policy, subsequent certificates have a different policy identifier. I do not see a similar concept here. Russ On Jul 16, 2012, at 6:33 PM, Joe Abley wrote: > Hi Russ, > > On 2012-07-15, at 11:39, Russ Housley wrote: > >> Peter: >> >> Thanks for the review. I've not read this document yet, but you review raises a question in my mind. >> >> If a DNSSEC policy or practice statement is revised or amended, what actions are needed make other aware of the change? > > Each DPS contains these kinds of details. Guidance for how to write the corresponding DPS sections is included in this draft: > > 4.2. Publication and repositories > > The component describes the requirements for an entity to publish > information regarding its practices, public keys, the current status > of such keys together with details relating to the repositories in > which the information is held. This may include the responsibilities > of publishing the DPS and of identifying documents that are not made > publicly available owing to their sensitive nature, e.g. security > controls, clearance procedures, or business information. > > 4.2.1. Repositories > > This subcomponent describes the repository mechanisms used for making > information available to the stakeholders, and may include: > > o The locations of the repositories and the means by which they may > be accessed; > > o An identification of the entity or entities that operate > repositories, such as a zone operator or a TLD Manager; > > o Access control on published information objects. > > o Any notification services which may be subscribed to by the > stakeholders; > > > Joe >
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Russ Housley
- Gen-ART review of draft-ietf-dnsop-dnssec-dps-fra… Peter Yee
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Joe Abley
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Russ Housley
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Joe Abley
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Russ Housley
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Stephen Kent
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Joe Abley
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Anne-Marie Eklund-Löwinder
- Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-… Fredrik Ljunggren