Re: [DNSOP] DNSOP Call for Adoption: draft-hardaker-rfc5011-security-considerations

Mon, 20 Mar 2017 09:01:14 -0700 

On 3/16/2017 10:24 AM, william manning wrote:
this is a useful and needed document. I support its adoption by the WG. As a note to the authors, there was a proposed alternate to what became RFC 5011 which addressed some of the same issues as the current draft. It might be useful to review https://tools.ietf.org/html/draft-ietf-dnsext-trustupdate-threshold-01 going forward. 

Bill -


I went back and re-scanned this and I see no information that bears on 
this problem.   IIRC the draft was abandoned because it *didn't* give 
any timing guidance and was vulnerable (unrecoverable) to single key 
compromises. It gave no guidance on when the *signer* would stop 
publishing and/or revoke a trust anchor which is really the topic of 
Wes' document.


Can you point us to applicable text rather than the complete document?

Later, Mike





/Wm


On Thu, Mar 16, 2017 at 12:16 AM, tjw ietf <tjw.i...@gmail.com 
<mailto:tjw.i...@gmail.com>> wrote:


    All

    We've had a lot of WG discussion on this, and it seems relevant to
    do a formal call for adoption.   If there are outstanding issues
    raised during the CfA, time in Chicago will be set aside to have
    those discussions.


    This starts a Call for Adoption for:
     draft-hardaker-rfc5011-security-considerations

    The draft is available here:
    
https://datatracker.ietf.org/doc/draft-hardaker-rfc5011-security-considerations/
    
<https://datatracker.ietf.org/doc/draft-hardaker-rfc5011-security-considerations/>

    Please review this draft to see if you think it is suitable for
    adoption by DNSOP, and comments to the list, clearly stating your
    view.

    Please also indicate if you are willing to contribute text,
    review, etc.

    If there are

    This call for adoption ends: 30 March 2017

    Thanks,
    tim wicinski
    DNSOP co-chair

    _______________________________________________
    DNSOP mailing list
    DNSOP@ietf.org <mailto:DNSOP@ietf.org>
    https://www.ietf.org/mailman/listinfo/dnsop
    <https://www.ietf.org/mailman/listinfo/dnsop>




_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop




_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop






















					Reply via email to