On Apr 4, 2013, at 1:39 PM, Joe Abley <jab...@hopcount.ca> wrote: > > On 2013-04-04, at 16:19, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > >>> eg Have some out of band means of fetching and verifying the current >>> version of the One True Trust Anchor. >> >> And has the IETF supplied anything like that? If not, should ICANN wait for >> the first roll until we have? > > ICANN has published documentation for exactly this, and efforts to produce > equivalent documentation within the IETF (to which, once stable, the > published procedures for root zone KSK management can refer to) is ongoing. > > You know this, so I presume you meant something oblique by your comment?
You must have misread the verb tense in my message. :-) "has supplied" is quite different than "efforts is ongoing". This is a serious question: would it be reasonable for ICANN to do a key roll when there is no IETF documentation on how to recover from missed rolls? Some might say "yes", but you can tell I would not. While I appreciate that ICANN wrote a document, unless you want to say "this is the the ICANN document you should use to deal with the operation we are about to perform", it needs to have an RFC stamp on it. --Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
