Hi Fredrik,
At 03:45 30-09-2012, Fredrik Ljunggren wrote:
> It has been added under "Security Considerations":
>
>    Secondly, there is no way of determining under what policy (if any)
>    DNS data has been signed. Interested parties must stay informed
>    using the methods which should be described in section 1.4.3
>    (Specification change procedures) of the DPS.
>
> And also exemplified under 4.1.4 of the framework.
I found the following text from the Introduction Section more informative:
'users who rely on signed responses from the DNS ("relying parties")
to evaluate the strength and security of the DNSSEC chain of trust'
'for scrutinizing the trustworthiness of the system'.
It doesn't make sense to say "Interested parties must stay informed"
as the "advance notice of amendments" in Section 4.1.4 sounds like a
minor detail.
I don't have any strong opinion about any of this. The document is
useful to me irrespective of what's in Section 7.
> Yes. Sean's DISCUSS was addressed by the deletion of the two last
> paragraphs in the background section, and by having a dialogue
> regarding TA distribution and the context of "change of algorithms"
> in subcomponent 4.6.1.
Thanks for clarifying that and for the work.
Regards,
-sm