On Wed, Oct 05, 2022 at 3:59 PM, Paul Hoffman <paul.hoff...@icann.org>
wrote:
> On Oct 5, 2022, at 11:36 AM, Peter Thomassen <pe...@desec.io> wrote:
>
> On 10/5/22 20:25, Paul Hoffman wrote:
>
> On 10/5/22 19:56, Paul Hoffman wrote:
>
>
> I propose to replace that paragraph with:
> What we today call "DNSSEC" is the DNSSEC specification defined in
> {{RFC4033}}, {{RFC4034}}, and {{RFC4035}}. However, earlier incarnations of
> DNSSEC were thinly deployed and significantly less visible than the current
> DNSSEC specification.
>
>
> I think that's much better, but it remains vague in that it leaves open
> what those other versions were.
>
> I know there are some RFCs that defined KEY records etc. Is that's what's
> meant? Perhaps we should add something like:
>
> For the historic record of these, see RFC 2535 and related documents.
>
> (Or whatever is the appropriate set of documents.)
>
> Given that we don't have clear version numbers, I would kinda prefer not
> to do that. Does RFC 2535 represent a clear description of an earlier
> incarnation/version of DNSSEC? It doesn't feel that way to me.
>
> I wasn't around at that time, so I don't know. Based on the fact that the
> current incarnation was dubbed version 3, I assumed that other revisions
> can be pointed to more or less precisely. Apologies if I misunderstood.
>
> My point is precisely that if we can't pinpoint what we mean by "earlier
> incarnations", the text shouldn't sound like they were stable versions that
> were merely thinly deployed.
>
> I fully agree that they shouldn't sound like stable versions, thus my use
> of the vague word "incarnations". I'm happy to use a different word that is
> even less version-like.
>
> So, my suggestion would be that if we know what those incarnations are,
> let's add references so people can dig further if they are interested. If
> we can't point to a specification and/or don't know what those incarnations
> are, I think it would be better to say they "... were not fully specified
> and saw only little deployment" or not talk about them at all.
>
> I think we have to talk about them a bit so that the reader doesn't ask
> the question "how come there are DNSSEC RFCs that vastly pre-date 4033?".
>
Hi all,
I'd like to be able to move this document into IESG Eval state soon; there
are only a few tele-chats remaining before IETF115, and there are not many
between the end of IETF115 and the end of the year either.
We don't have the exact replacement text for "formally" settled yet, but it
seems like it is really close - might we be able to get that wrapped up
today so that I can move it along? I think that we have general agreement
on the shape of the text, it's just final massaging.
<no-hats>
I'm personally fine with Paul's proposed text, minor tweaks on
"incarnations", Peter's modifications, whatever.
</no-hats>
W
> --Paul Hoffman
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
