5 Aug 2012 06:20
Advancement of RFC 5011 - Call for comments - END 24 August 2012
Michael StJohns <mstjohns <at> comcast.net>
2012-08-05 04:20:01 GMT
2012-08-05 04:20:01 GMT
During IETF week I had discussions with the chairs, area director and
various other IESG members on the possibility of advancing RFC5011 to
Standard under the new rules described in RFC6410. My intent
is to do this as administrative advancement without the issuance of a new
RFC.
The conditions for advancement (and my comments on those requirements) are:
RFC5011 is specified as the root key rollover protocol. Other zones appear have adopted this as their mechanism for updating their trust anchors.
RFC5011 is a hybrid of operational practices (by the zone owner to signal key changes) and implementations (by the zone owner to sign new keys and revocations, and by the client to automatically update the trust store).
There appear to be more than two implementations on the client side. There appears to be sufficient support in zone signing tools for the REVOKE bit.
I have anecdotal evidence (and would appreciate more) that successful operational key rollovers have been made with this protocol.
There are no errata.
None identified.
The IPR claims are non-specific and do not appear to have affected the implementation of the protocol.
What I want to do is open up a three week period to solicit comments on 5011, implementation experience and operational experience.
For 5011, I'm looking only for substantive comments on the Normative sections of the document - sections 2-5.
Section 9 does contain down-refs to the DNSSEC extensions, but the IESG members I've talked to don't appear to consider them blocking.
Comments are open until 24 August. With luck I'll be able to ask the area director to start the IETF last call at that point.
Thanks - Mike
The conditions for advancement (and my comments on those requirements) are:
(1) There are at least two independent interoperating implementations with widespread deployment and successful operational experience.
RFC5011 is specified as the root key rollover protocol. Other zones appear have adopted this as their mechanism for updating their trust anchors.
RFC5011 is a hybrid of operational practices (by the zone owner to signal key changes) and implementations (by the zone owner to sign new keys and revocations, and by the client to automatically update the trust store).
There appear to be more than two implementations on the client side. There appears to be sufficient support in zone signing tools for the REVOKE bit.
I have anecdotal evidence (and would appreciate more) that successful operational key rollovers have been made with this protocol.
(2) There are no errata against the specification that would cause a new implementation to fail to interoperate with deployed ones.
There are no errata.
(3) There are no unused features in the specification that greatly increase implementation complexity.
None identified.
(4) If the technology required to implement the specification requires patented or otherwise controlled technology, then the set of implementations must demonstrate at least two independent, separate and successful uses of the licensing process.
The IPR claims are non-specific and do not appear to have affected the implementation of the protocol.
What I want to do is open up a three week period to solicit comments on 5011, implementation experience and operational experience.
For 5011, I'm looking only for substantive comments on the Normative sections of the document - sections 2-5.
Section 9 does contain down-refs to the DNSSEC extensions, but the IESG members I've talked to don't appear to consider them blocking.
Comments are open until 24 August. With luck I'll be able to ask the area director to start the IETF last call at that point.
Thanks - Mike
_______________________________________________ dnsext mailing list dnsext <at> ietf.org https://www.ietf.org/mailman/listinfo/dnsext
RSS Feed