Ack. Tracking the need for examples in the open issues log for the I-D.

On 2/19/13 4:21 PM, "Warren Kumari" <war...@kumari.net> wrote:

>On Feb 16, 2013, at 7:43 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
>
>> Ted's misunderstanding of what you are proposing is a valid one. You
>> don't actually say what a negative trust anchor is, and what it is a
>> trust anchor for, until section 7. Readers such as Ted (and myself!)
>> will have strong prejudices by then.
>>
>> I would want to see something in the Introduction saying something like:
>>
>>    This document discusses trust anchors for DNSSEC. A "negative trust
>>    anchor" is equivalent to a "regular" DNSSEC trust anchor for a
>>    particular instance of a recursive validating resolver. A negative trust
>>    anchor is quite different from regular DNSSEC trust anchors in that they
>>    are local, temporary, and definitely not distributed by IANA. They are
>>    trust anchors only for DNSSEC, not for PKIX.
>>
>> That should help set the tone for the following sections that say how
>> to use them, and then the much later sections on what they actually are.
>
>I also think that it would be very helpful to actually show *how* this is
>used, with e.g. an example in an Appendix, for <insert favorite resolver
>here>.
>
>The document contains a lot of really useful content about why you might
>use one, how to minimize damage, etc. but (IMO) doesn't do a great job of
>explaining *how* to actually do so...
>
>But yes, I think it should be considered for adoption / if this is a CfA
>I support it :-P
>I'd also like to see it presented / discussed at the meeting...
>
>W
>
>>
>> --Paul Hoffman
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
>--
>"Build a man a fire, and he'll be warm for a day. Set a man on fire, and
>he'll be warm for the rest of his life." -- Terry Pratchett