Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote:
A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomplete.
I am confused by that. The KSK maintainer publishes trust anchors for the root zone. Software developers produce code that consumes those trust anchors. Perhaps we are missing a shared understanding of the word "publish" here, but I don't see what common KSK publication practice you're referring to.
If instead the document is supposed to be about current ICANN publication only, then the document should be retitled, given a better abstract, and give the actual URLs for the current KSK and describe the formats used for the current data. It should not make speculation about other URLs nor about other format options.
I don't understand the comment about the title or the abstract (see above).
I fully agree that the document should use actual URLs for the current KSK. As far as I can see, all the URLs mentioned in the document are URLs that work today, and have been stable since 2010. I don't see any speculation about other URLs.
Can you explain more fully what problem you see?
It should not talk about the publication of possible future KSKs because that is not what ICANN is doing now.
I don't understand that, either. The scheme developed at ICANN in 2009/2010 was designed to facilitate publication of multiple trust anchors, specifically to allow future KSK rolls. You're saying we shouldn't document that because a KSK roll hasn't happened, yet?
Joe _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
