Re: [DNSOP] I-D Action: draft-ietf-dnsop-negative-trust-anchors-00.txt

Mon, 15 Dec 2014 18:18:07 -0800 

My feedback to a possible -01 version is to add something related to not 
consider NTAs for the upper hierarchy of a failed DNSSEC domain. For instance, 
even if I see a good number of .gov domains failed DNSSEC, adding a NTA 
configuration for .gov would not be considered good operational practice, 
unless .gov itself starts failing DNSSEC validation. 

I know no RFC can determine what ops really end up doing, but not being allowed 
to claim that as a prescribed practice has some value. 


Rubens

> On Dec 15, 2014, at 11:15 PM, internet-dra...@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Domain Name System Operations Working Group 
> of the IETF.
> 
>       Title           : Definition and Use of DNSSEC Negative Trust Anchors
>       Authors         : Paul Ebersman
>                         Chris Griffiths
>                         Warren Kumari
>                         Jason Livingood
>                         Ralf Weber
>       Filename        : draft-ietf-dnsop-negative-trust-anchors-00.txt
>       Pages           : 17
>       Date            : 2014-12-15
> 
> Abstract:
>  DNS Security Extensions (DNSSEC) is now entering widespread
>  deployment.  However, domain signing tools and processes are not yet
>  as mature and reliable as those for non-DNSSEC-related domain
>  administration tools and processes.  Negative Trust Anchors
>  (described in this document) can be used to mitigate DNSSEC
>  validation failures.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-negative-trust-anchors/
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-dnsop-negative-trust-anchors-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to