On Thu, Sep 9, 2021 at 1:39 PM Warren Kumari <war...@kumari.net> wrote:

>
>
> On Thu, Sep 9, 2021 at 12:13 PM Joe Abley <jab...@hopcount.ca> wrote:
>
>> Hi Paul (W),
>>
>> On Sep 9, 2021, at 12:05, Paul Wouters <p...@nohats.ca> wrote:
>>
>> > On Thu, 9 Sep 2021, Paul Hoffman wrote:
>> >>
>> >> Did you first ask the administrators of the zone in question before
>> sending this message to a group that has no administrative power over the
>> zone?
>> >
>> > No, I used this group as the umbrella contact, as I assumed the
>> > knowledgeable people are here.
>>
>> The IETF (well, the IAB) has administrative control over the contents of
>> the ARPA zone. I do not know in practice whether this extends to the
>> machinery of how the zone is provisioned.
>
>
>>
>> The operation of the zone is carried out by PTI, I think. It is
>> distributed to its authoritative servers (which are also root servers) in a
>> process that is similar in some respects to the way the root zone is
>> managed.
>>
>> I would drop a note to Kim Davies and ask his advice if you want to make
>> some kind of progress.
>
>
> Yup. My personal view is that the IANA/PTI folk running this are friendly,
> competent and helpful.
>
>> While it seems perfectly plausible to make this kind of change by way of a
>> published RFC with IAB review, it's not at all clear to me that such a
>> heavyweight approach is necessary.
>
>
> Yup - I don't *know* of any requirements specifying anything as
> detailed/operational as which DNSSEC algorithms should be used, when to
> roll (these!) keys, etc. That sort of level of operational detail is
> (AFAIK) left to PTI/IANA as the operator.
> If I'm wrong, and there is a specific requirement, I'm guessing that PTI
> could point at it, and it could then be updated -- but I'd assume that this
> is simply 1: they haven't migrated yet because, well, they haven't yet, or
> 2: they've made a conscious decision based on operational knowledge of who
> uses the zone, being cautious with critical infrastructure, etc.
> Whatever the case, a simple email to Kim/IANA does sound like the right
> first step.
>

This reply might have been a bit hasty -- I don't actually know how tightly
this is specified, or who decided which DS algorithm should be used. It was
pointed out (off-list) that it seems like it should be the IAB as the TLD
operator. That sounds entirely reasonable... but the IANA acts in many ways
like a registry backend provider, so, well, perhaps it is them?!
At this point I have no idea, but 1: I do know it ain't me and 2: I suspect
that asking Kim and / or the IAB is probably a good start.

I'll now go hide under a rock, or at least get some lunch.
W


>
>
> W
>
>
>>
>>
>>
>> Joe
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
>
> --
> The computing scientist’s main challenge is not to get confused by the
> complexities of his own making.
>   -- E. W. Dijkstra
>


