At 17:15 +0000 5/20/09, Suzanne Woolf wrote:
I'd like to see the detailed architectural discussion, and the mapping from it into "ops terms" (KSK/ZSK and suggested practices or considerations), all in one document. I understand the argument for having a separate BCP to accomplish that, but I'd really like to have an integrated document to point people to for both good practice and its architectural rationale.
One of the obstacles to the goal of mapping a detailed architectural discussion into "ops terms" is that when it comes to operations environments, they tend to have unique circumstances. Operators will be grafting DNSSEC on to diverse existing architectures. Each will have different regulations and requirements for operations. Overly specific recommendations can "backfire."
Even if the service is a commodity, there may a lot of differences in the back offices of the providers.
OTOH, if there is a critical mass of one kind of registry or another, then it is fine to generate a document. But please be very clear and specific of the "demographic" of the audience. (What I am trying to avoid is getting into a situation where someone tries to make all DNS servers conform to BCP 40. I.e., it's not a sin to allow AXFR.)
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468 Getting everything you want is easy if you don't want much. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
