Matthjis, thank you for reviewing the document. The intention is to cover those aspects you mention (key separation, number of keys and roll-over scheme) in sections 6.4, 6.5 and 6.6. It is also intended that a drafter of a DPS may put a rationale, explaining why a particular scheme has been choosen, directly in the main component (6).
For this reason, I'm concerned that a new component may overlap with those already existing. However, I do agree that the intentions described above are not very clear (section 4.6.4 - 4.6.6 of the document), and could be explained in more detail. Would that fulfil your purpose, or did I misunderstand you? -- Fredrik Ljunggren On 16 jun 2011, at 23:37, Matthijs Mekking <matth...@nlnetlabs.nl> wrote: > I have read it and have one comment: > > I would have expect that section 4.6. on Zone Signing would have a > subcomponent on Signing Scheme. Such a subcomponent would address the > number of keys used for signing and what roles (zsk, ksk) they fulfill. > > I would like to see this addition and I support its publication as > Informational. > > Best regards, > > Matthijs > > > On 06/13/2011 07:22 PM, Stephen Morris wrote: >> Dear DNSOP WG, >> >> This is to initiate a working group last call (WGLC) on >> >> "DNSSEC Policy & Practice Statement Framework" >> draft-ietf-dnsop-dnssec-dps-framework-04.txt >> >> Owing to the length of the document, the WGLC will last for three weeks >> instead of the usual two, and will therefore end on >> >> Monday, 4 July 2011, 23:59 UTC >> >> The IETF tools site gives easy access to the current and previous >> versions, as well as differences and the like, at: >> >> http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-dps-framework-04 >> >> The document is aimed at a status of "Informational". >> >> Please review the document and send any comments you may have to the >> list. If you have no comments but support (or do not support) the >> document being published, please send that information to the list. >> >> The document is subject to the normal five reviewer threshold. >> >> Stephen and Peter >> DNSOP co-chairs >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
