On 2012-07-24, at 07:53, Matthijs Mekking wrote:

> As you might know, I had this idea of unraveling key states. Instead
> of having states that describe the overall state of the key, we would
> have states for components of the key. How to divide the key into
> components is based on the parts that can be published:

I am a big fan of this line of thinking.

I saw you (in Vienna, I think) reduce this logic to a small set of equations which, if all are satisfied, indicates that a particular change for one component is safe (from the perspective of validators), and I think this would be a vast improvement for implementers and operators over the sometimes complicated reasoning that is otherwise involved in planning a rollover event. This model makes arbitrary key rollovers trivial to plan with confidence.

While dnsop-dnssec-key-timing provides a fairly thorough background which promotes understanding of the underlying issues, it's still a thorny document to apply to an actual operational event.

I think it would be great if we could present your model (or something similarly robust and simple) in such a way that it becomes the normal way of thinking about rollover events, both for implementers of DNSSEC signing platforms and for operators of DNSSEC-signed zones. The world would be a better place.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop