On 5 Oct. 2015, at 15:08, Paul Hoffman <paul.hoff...@vpnc.org> wrote:

>> As far as I'm aware, the document does document current practice.
> 
> It does not. It describes a mixture of some of the current practice and some 
> aspirational hopes for how things might be done. Further, it is incomplete in 
> many aspects.

If it is incomplete, we need to fix that.


> The document goes well beyond describing the files, and this is where it 
> fails. Further, the files are not the only way that the trust anchor is 
> published, so the document is fairly incomplete.

Trust anchors may be published in other ways, but IMHO that is out of scope for 
this document. As far as I know, IANA does not publish the trust anchor in 
other ways.

"This document describes the distribution of the DNSSEC trust anchors
 from IANA.  This document is concerned only with the distribution of
 trust anchors for the root zone, although the data formats and the
 publication and retrieval methods described here can be adapted for
 other uses."


> If it is not up for discussion, then the document should not be progressed in 
> the IETF at all. Instead, the description of the ICANN's publication 
> methodology should be published by ICANN.

The file formats are not up for discussion, as existing implementations depend 
on them. The description of how to interpret the contents is of course up for 
discussion. I'm just saying we need to be careful what we change, if we choose 
to change things that have been in production for over 5 years.


> This WG should instead consider a very different document: how the IETF 
> thinks that the DNSSEC trust anchors should be published in order to help DNS 
> operators. Joe Abley has an expired (?) draft on this topic. A discussion of 
> what ICANN and others should do for publication seems quite relevant to the 
> aims of this WG.

Although I agree with that, I still find it useful to publish this draft as 
a document of how things are done today. If the world did not use the published 
trust anchors as designed, that is (to some extent) a failure. Still, it 
documents (or apparently tries to) the plan as it was back in 2010.


        jakob

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop