Re: [saag] RFC 5011 to IS question

Wes Hardaker <wjhns1@hardakers.net> Fri, 30 November 2012 19:01 UTC

From: Wes Hardaker <wjhns1@hardakers.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <50B64A46.5050903@cs.tcd.ie> (Stephen Farrell's message of "Wed, 28 Nov 2012 17:30:46 +0000")
References: <50B64A46.5050903@cs.tcd.ie>
Date: Fri, 30 Nov 2012 11:01:50 -0800
Message-ID: <0lfw3qdie9.fsf@wjh.hardakers.net>
Cc: Ralph Droms <rdroms.ietf@gmail.com>, Michael StJohns <mstjohns@comcast.net>, "saag@ietf.org" <saag@ietf.org>, dns-dir@ops.ietf.org
Subject: Re: [saag] RFC 5011 to IS question

Stephen Farrell <stephen.farrell@cs.tcd.ie> writes:

> In particular the 30 day add hold-down timer might
> arguably be better off at ~90 days if additions are
> planned well ahead of time

The end of your sentence captures the problem well...

I agree, I'd love the case where we could always publish far enough in
advance not to worry about a huge hold-down time.  But the reality is,
the real world is not so nice and I suspect there are times that people
would be annoyed by the 30 day hold-down (e.g., when they believe but don't
know that the current key may have been "seen").  So the 30 days seems
like a reasonable compromise to me, and I'm not sure I'd want to move it
in either direction.  If I move it in the direction you're talking about,
it probably would be to something like 45 or 60.  But the reality is
that if an operator can't see a problem in 30 days, I'm not sure
anything longer will help them.
-- 
Wes Hardaker
My Pictures:  http://capturedonearth.com/
My Thoughts:  http://pontifications.hardakers.net/