Given that there are least three implementations based on this draft in widespread use, IMHO, I believe this draft should move forward as is. As mentioned below, a stable reference would be useful for implementers like myself. -Rick
-----Original Message----- From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of W.C.A. Wijngaards Sent: Tuesday, October 6, 2015 1:53 AM To: dnsop@ietf.org Subject: Re: [DNSOP] Expiration impending: <draft-jabley-dnssec-trust-anchor-11.txt> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On 05/10/15 23:42, Suzanne Woolf wrote: > All, > > First, thanks to the engaging on this. > > On Oct 5, 2015, at 5:20 PM, "Joe Abley" <jab...@hopcount.ca> > wrote: >> >> Perhaps it's time to sit back and wait for others here to express an >> opinion. > > I'd like to hear opinions from others in the WG with an operational > interest in the DNSSEC root trust anchor. It documents a procedure we implemented, and a stable reference would be a good thing. > Does this document meet a need you have? If so, how well does it meet > the need, and what would it take (if anything) for the document to > meet that need more effectively? Unbound implements the draft in open source, in its own command-line tool 'unbound-anchor'. It combines a compiled-in root-anchor, with RFC5011 rollover and this draft. At the first start it has failover over from the initial anchor to the next option, and this draft is the fallback. On subsequent invocations it keeps state, a rolling anchor that it keeps track of. If RFC5011 tracking fails, it uses this draft to fetch the xml file with the new key. The tool is organisation-agnostic and can also be configured to perform the same mechanics in another environment (eg. test environments). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWE4vbAAoJEJ9vHC1+BF+NxPMQAIAmFaUaF6ZKQvzMLZ+yAuDm 66MaTO2i68q6LH3ZHCEl6dXMz3sGL+8RaKCN1IK6EyvXUIoCaulkJdbem4MeFsGk /w1Bxxfybgao5+pBPd3Ciz6caYfMHrfkqFL7broBsCLNBlfwVUEUPBJpfYQbF8i+ TQaqyGm/oH2VPtFq03HL/o/CJUgbZNQWT1CKdzEEuoyrmyotzXQkfsnXrW79t/hW tt8Aeq5VSHpBbkSlrq8EYDunhjwQKgJwhx/YUVpqF/JrjO7KDqzO7QabYY4i1h95 LTdcZmrWUfKSPnzN0lD3MSmSvJMMgz18VBXQLO2cHj0QDaDFd9pe0mud0em9gIPz hLhyWvbxeNasT8CbH5vwJ77p/6xmhMsYT4C2EHtJacPmG9Y4BfUDyo1d0hec0eF5 uLmpbp+TCicd3dHNNcIPWjDcxyCT7lTNOLPS78fSOhdju2khijn9b7RPnTqjtmUV Wf8IIYnN0fIapymNsiNXqarV3uC8ly7XhnqK+XQ6z7KgArh/OkrFcGiJAcHn1wlr mSkSKeeGpF8snSlbnMX9+Y9TvBCFrNOP+awzDvKqBnV3yS5Cu2bPottH9Yp/xs96 E36eMwX35WUuh7uOCKR4IswpjChds0jSW75oJ6GYb9ItLfy6ehuGbyUFD2AW130y SrOmADZfr8SG6aGxUokH =4snr -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
