This is a good suggestion. I support it. Mehmet
On Saturday, October 31, 2015, Richard Lamb <richard.l...@icann.org> wrote: > Given that there are least three implementations based on this draft in > widespread use, IMHO, I believe this draft should move forward as is. As > mentioned below, a stable reference would be useful for implementers like > myself. -Rick > > > -----Original Message----- > From: DNSOP [mailto:dnsop-boun...@ietf.org <javascript:;>] On Behalf Of > W.C.A. Wijngaards > Sent: Tuesday, October 6, 2015 1:53 AM > To: dnsop@ietf.org <javascript:;> > Subject: Re: [DNSOP] Expiration impending: > <draft-jabley-dnssec-trust-anchor-11.txt> > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hi, > > On 05/10/15 23:42, Suzanne Woolf wrote: > > All, > > > > First, thanks to the engaging on this. > > > > On Oct 5, 2015, at 5:20 PM, "Joe Abley" <jab...@hopcount.ca > <javascript:;>> > > wrote: > >> > >> Perhaps it's time to sit back and wait for others here to express an > >> opinion. > > > > I'd like to hear opinions from others in the WG with an operational > > interest in the DNSSEC root trust anchor. > > It documents a procedure we implemented, and a stable reference would be a > good thing. > > > Does this document meet a need you have? If so, how well does it meet > > the need, and what would it take (if anything) for the document to > > meet that need more effectively? > > Unbound implements the draft in open source, in its own command-line tool > 'unbound-anchor'. It combines a compiled-in root-anchor, with > RFC5011 rollover and this draft. At the first start it has failover over > from the initial anchor to the next option, and this draft is the > fallback. On subsequent invocations it keeps state, a rolling anchor that > it keeps track of. If RFC5011 tracking fails, it uses this draft to fetch > the xml file with the new key. The tool is organisation-agnostic and can > also be configured to perform the same mechanics in another environment > (eg. test environments). > > Best regards, Wouter > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJWE4vbAAoJEJ9vHC1+BF+NxPMQAIAmFaUaF6ZKQvzMLZ+yAuDm > 66MaTO2i68q6LH3ZHCEl6dXMz3sGL+8RaKCN1IK6EyvXUIoCaulkJdbem4MeFsGk > /w1Bxxfybgao5+pBPd3Ciz6caYfMHrfkqFL7broBsCLNBlfwVUEUPBJpfYQbF8i+ > TQaqyGm/oH2VPtFq03HL/o/CJUgbZNQWT1CKdzEEuoyrmyotzXQkfsnXrW79t/hW > tt8Aeq5VSHpBbkSlrq8EYDunhjwQKgJwhx/YUVpqF/JrjO7KDqzO7QabYY4i1h95 > LTdcZmrWUfKSPnzN0lD3MSmSvJMMgz18VBXQLO2cHj0QDaDFd9pe0mud0em9gIPz > hLhyWvbxeNasT8CbH5vwJ77p/6xmhMsYT4C2EHtJacPmG9Y4BfUDyo1d0hec0eF5 > uLmpbp+TCicd3dHNNcIPWjDcxyCT7lTNOLPS78fSOhdju2khijn9b7RPnTqjtmUV > Wf8IIYnN0fIapymNsiNXqarV3uC8ly7XhnqK+XQ6z7KgArh/OkrFcGiJAcHn1wlr > mSkSKeeGpF8snSlbnMX9+Y9TvBCFrNOP+awzDvKqBnV3yS5Cu2bPottH9Yp/xs96 > E36eMwX35WUuh7uOCKR4IswpjChds0jSW75oJ6GYb9ItLfy6ehuGbyUFD2AW130y > SrOmADZfr8SG6aGxUokH > =4snr > -----END PGP SIGNATURE----- > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org <javascript:;> > https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org <javascript:;> > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
