Sheesh..I thought we were talking about engineering issues.

Speaking only as the humble engineer who helped develop the publication methods 
and wrote the software that generates all the pieces, the most recent draft 
does describe what my programs, scripts, and other pieces do.  If there is any 
technical variance, please let me know I don’t pretend to be perfect.  I run 
another copy of some of the pieces on my KSK rollover test setup now, so id 
like to know.

I have no opinion regarding the more abstract discussion regarding where such a 
description belongs and look to learn from those better versed in that subject.

-Rick



From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of George Michaelson
Sent: Monday, October 5, 2015 8:07 AM
To: Joe Abley <jab...@hopcount.ca>
Cc: dnsop WG <dnsop@ietf.org>; Paul Hoffman <paul.hoff...@vpnc.org>
Subject: Re: [DNSOP] Expiration impending: 
<draft-jabley-dnssec-trust-anchor-11.txt>

If its on the internet, its not out of band.

On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley 
<jab...@hopcount.ca<mailto:jab...@hopcount.ca>> wrote:


On 5 Oct 2015, at 10:42, George Michaelson wrote:

> Something very left field for me, but I believe important, is that we need
> to also publish the out-of-band publication point of the trust material.

This draft is exclusively concerned with publishing trust anchors out-of-band 
of the protocol.

> I mentioned this to Joe some time ago and was very correctly told "out of
> scope" but I believe its nonsensical to exclude physical publication, eg in
> newspapers of record for at least 3 economies worldwide, of the hash of the
> public key as a standing event.

This draft aims to document current practice. To my knowledge, nobody has ever 
published a trust anchor (or even a pointer to it) in print media.

> In-band only has some issues for me, if we are talking about trust.

Me too, hence the decision by ICANN to publish trust anchors using out-of-band 
mechanisms in 2009/2010, as this draft aims to document.


Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to