At 7:45 -0500 1/18/07, Scott Rose wrote:
On start up of system, or of the validator?
Does it need to be specified? I think it is an implementation detail and unimportant to interoperability.
As for the text on rollover mechanisms: I don't think there will be a choice for the majority of end systems. Once the validator is written, it will most likely depend on the implementors of the validator, and be very difficult for an end user to change. Manual operation may be the only other alternative to whatever in-band or out-of-band mechanism the validator implementation is built around. And most will not care - once one way is chosen, it will probably be used unless something forces a change.
There are two ways to read this. One is that the service-side "user" has a choice to make when introducing a new KSK/SEP. The other is that the client-side "user" has a choice when adopting the new KSK/SEP.
The service-side needs to know how to indicate the new KSK/SEP is the one to use, possibly in more than one way but ideally there is one set of ways. The validator has to implement a (or the) way to learn, and the client-side user will either have to live with that or use a validator that offers choices.
Probably in operations there won't be an option. The sole option will be set down in the validation code. I think it is a good idea to nail down the algorithm that all validators will implement. Ideally we will also nail down as many parameters as we can, too, as my experience has shown that choice in security knobs is a bad thing for anyone who is not a security geek.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
+1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop