Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Michael StJohns
I appreciate your comments, but they are pretty much inapplicable to the document. I'd suggest if this approach is important to you that you draft an ID and gather comments on that document. If you want to recommend changes to 5011 - same comment. What we're discussing now is guidance for the

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Mark Andrews
These questions are why I don't like RFC5011. There is lots of missing metadata about DNSKEYs that exists in CERTs. We could supply this metadata in TBD records at the apex of the zone which are like extended DS records (I will call these records VU records). Things like "valid until" where val

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Wes Hardaker
Bob Harold writes:
> I might be wrong, but it would seem to me that the doc covers two situations:
> 1. How long to wait after publishing a key before signing exclusively with
> that key.
Thank you. That is exactly the intent of the document.
> 2. How long after you stop signing with a key

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Michael StJohns
Hi Paul - I appreciate that both you and Wes have new skills related to mind reading about my intents, but you're probably reading the wrong mind. I have stated the question a publisher needed to answer fairly succinctly in the past: "How long must a publisher wait until it is reasonably ce

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Bob Harold
On Thu, May 25, 2017 at 1:15 PM, Paul Hoffman wrote:
> Most people reading an RFC about the DNS probably expect it to be about
> the public DNS we know. That public DNS currently has one KSK, and there
> are no plans to change that (although there might be in the future). Given
> that, and given

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-01.txt

2017-05-25 Thread Paul Hoffman
Most people reading an RFC about the DNS probably expect it to be about the public DNS we know. That public DNS currently has one KSK, and there are no plans to change that (although there might be in the future). Given that, and given Mike's comments on the doc, I propose the following. Chan

Re: [DNSOP] DNSOP Call for Adoption: draft-kristoff-dnsop-dns-tcp-requirements

2017-05-25 Thread John Kristoff
On Tue, 23 May 2017 12:22:34 + Sara Dickinson wrote:
> I’ve reviewed this draft and as stated previously support adoption as
> a companion document to RFC7766.
Thank you for your review.
> Section 2.2: I think the argument around DNSSEC can be bolstered by
> the fact that recent root ZSK an