On Thu, Nov 21, 2019 at 9:20 AM Frederico A C Neves <fne...@registro.br>
wrote:

> Shane,
>
> On Wed, Nov 20, 2019 at 04:52:22PM +0100, Shane Kerr wrote:
>
> > One minor thing I noticed while looking through the document. It
> > mentions the Brazilian ccTLD as background why using a liberal rollover
> > is workable:
> >
> >    In fact, testing by the .BR Top Level
> >    domain for their recent algorithm rollover [BR-ROLLOVER],
> >    demonstrates that the liberal approach does in fact work with current
> >    resolvers deployed on the Internet.
> >
> > However, the BR-ROLLOVER reference is to a presentation which discusses
> > the plans to try a liberal rollover in Brazil, but doesn't actually
> > claim that it works. Was there further published research that can
> > support this idea?
>
> There is a presentation I gave at ICANN-63 with the rollover report.
>
>  * ICANN 63 - Oct/2018
>
> https://static.ptbl.co/static/attachments/191746/1540217948.pdf
>
>  Audio (English): starting at 57min50s
>
> http://audio.icann.org/meetings/bcn63/bcn63-OPEN-2018-10-24-T0636-113-en-DNSSEC-Workshop-1-of--3.m3u
>
> This was previously reported at dns-operations,
>
>
> https://lists.dns-oarc.net/pipermail/dns-operations/2018-October/018029.html


Thank you Shane and Frederico,

I had actually meant to include the report produced _after_ the BR rollover
was successful. I've made a note to update the draft to replace the current
earlier reference with this later report from October 2018.


> Besides of this I think there may be already published references of
> this on works of Moritz Muller and Taejoong Chung. They greatly helped
> us with the monitoring of the rollover.
>

If anyone can provide references, we'd be happy to review and consider
including those.

And as a general note on this topic, I want to remind folks that although
the draft says that providers using distinct algorithms can work assuming
validators employ the liberal approach, our strong recommendation is that
the providers all use a common signing algorithm (and common key sizes for
algorithms that support variable key sizes).

Shumon.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to