On Thu, May 2, 2024 at 9:19 AM John R Levine <jo...@taugh.com> wrote:
> On Thu, 2 May 2024, Scott Morizot wrote:
>
> > ??? RFC 8624 is explicitly guidance to implementers not operators. The
> > "MUST NOT" means MUST NOT implement in a conforming implementation of
> > either signing or validation software. That's not an opinion. It's what the
> > text says.
>
> The word "software" does not appear in RFC 8624. I think it is evident
> from the text that the implementers are the people using DNS software and
> signing the zones.
>
> Ondřej and Paul wrote the RFC so perhaps they can tell us what they meant.

I would be curious about that since it's not how I'm used to "implementer" being used in any DNS context. And it also would mean this sentence in the audience section would then make no sense.

"This perspective may differ from that of a user who wishes to deploy and configure DNSSEC with only the safest algorithm."

I think we need a clean update to RFC 8624 first that includes instructions to IANA to update the table. I don't think the current draft does that very well. And since the IANA table already has a Zone Signing column, I think we just want to change that one so it has more than a yes/no option per algorithm and then add a Validation column. Once that has been adopted then there will actually be columns to update published at IANA.

But in any context I've seen over the years the DNS implementers have always been the ones who develop and maintain the supporting tools and software. Users, operators, and terms like that have referred to those of us who deploy and administer authoritative zones and recursive resolvers.

Scott
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop