A very useful piece of work. Particularly the material on emergency key rollover. It took me some time to write the scripts to take into account TTL, propagation delays, and various key compromise scenarios. The approach your work takes gives the implementer a clear framework. Wish I had your work before.
-Rick -----Original Message----- From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of stephen.mor...@nominet.org.uk Sent: Tuesday, February 17, 2009 10:21 AM To: dnsop@ietf.org Subject: [DNSOP] draft-morris-dnsop-dnssec-key-timing-00 John Dickinson and Johan Ihren and I have just submitted http://www.ietf.org/internet-drafts/draft-morris-dnsop-dnssec-key-timing-00.txt The draft gives a rigorous description of timing considerations in DNSSEC key rollovers. Stephen > A new version of I-D, draft-morris-dnsop-dnssec-key-timing-00.txt > has been successfuly submitted by Stephen Morris and posted to the > IETF repository. > > Filename: draft-morris-dnsop-dnssec-key-timing > Revision: 00 > Title: DNSSEC Key Timing Considerations > Creation_date: 2009-02-17 > WG ID: Independent Submission > Number_of_pages: 22 > > Abstract: > RFC 4641 gives a detailed overview of the operational considerations > involved in running a DNSSEC-secured zone, including key rollovers. > This document expands on the previous work, and discusses timing > considerations in greater depth. It explicitly identifies the > relationships between the various time parameters, and gives a > suggested algorithm for key rollover in a DNSSEC-secured zone. > > > > The IETF Secretariat. > > _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
