Hi,

Just new in the dnsop wg tools page:
http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-00

This is the same version as draft-wijngaards-dnsext-trust-history-03, but moved to the DNSOP wg. I would like to request adoption of the document.

Why? I want to enable end users to use validators. They use computers that sometimes skip a month (holiday), or install software that is a couple years old. RFC5011 cannot keep up in that case, and this trust-history can then be used to get the latest trust anchor.

This latest version has a number of features that I'll present in a point list:

* Can detect trust point deletion, where the zone owner wants to un-sign the zone.
* Honors RFC5011 hold-down-timer. Thus it cannot be used to work around the 5011 timers.
* Track SEP keys. Access to the KSK is necessary to change the keyset for the zone.
* Uses a clean new RR type, for dnsext expert review, to help store the information in the DNS.

So, this way, software can include a DNSSEC trust anchor, which can be used years later to fetch the latest trust anchor, while the DNS zone uses regular rollovers. After fetching the latest, software can then use 5011 to track the anchor. If the 5011 updates fail because the machine was offline or the software is reinstalled, the history can be used again, and then 5011 works again.

Best regards,
Wouter