I look at much of the current work product and it reminds me of the term
"gilding the lily"...
my view of the DNS landscape is a series of concentric circles,  the center
is DNS protocol fundamentals, the namespace and wire formats.  outside that
are things like namespace representation, which has, for decades, carried
the problem of GIGO and was nearly always considered outside the scope of
the DNS itself.  DNSSEC additions added some things to core features (new
RR types & wire formats), but also spent huge amounts of time on both
channel integrity (TSIG/SIG(0)) and ensuring that GIGO was minimized for
DNSSEC data.  This is still in the remit of namespace representation.  In a
layer even further outside the DNS itself, there are tools to provide
assurance, before the data enters the namespace, that the data is "good".
This is clearly in the remit of massaging the data before it's placed in the
namespace representation, so that the DNS can move it about in the
appropriate wire formats.

TL;DR - This is not DNS terminology per se, it's Data Integrity tools
terminology as applied to data which is intended to be used inside the DNS.
  And yeah, somebody should write down the perfect chocolate chip cookie
recipe.  Cause there can be only one perfect way to do this.

/Wm

On Tue, Aug 16, 2016 at 7:36 AM, Dan York <y...@isoc.org> wrote:

> Paul,
>
> Thanks for the update... comment below:
>
> On Aug 4, 2016, at 12:48 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
>
> Our intention for this month is to add a bunch of other terms from RFCs.
> I'll also start some threads about terms that we should probably define but
> that are not in RFCs.
>
>
> In writing the draft about crypto algorithm agility (
> https://tools.ietf.org/html/draft-york-dnsop-deploying-dnssec-crypto-algs-01
> ) we ran into an issue where we needed to talk
> about "signing software". (section 2.3)  This is software such as
> OpenDNSSEC that is used in the current DNS infrastructure to do the actual
> signing of zones.  I seem to recall various vendors also having services
> that would do the signing on the fly for you.
>
> This software is of course part of an "authoritative server" defined in
> your section 5 -
> https://tools.ietf.org/html/draft-ietf-dnsop-terminology-bis-02#section-5
> - but also can be operated on a separate server.
>
> I don't know if you / others feel this warrants having an entry in the DNS
> terminology, but I thought I would point it out.  We're also definitely
> open to adjusting the crypto agility draft to use another term if someone
> has a better suggestion than "signing software".
>
> Dan
>
>
> --
> Dan York
> Senior Content Strategist, Internet Society
> y...@isoc.org   +1-802-735-1624
> Jabber: y...@jabber.isoc.org
> Skype: danyork   http://twitter.com/danyork
>
> http://www.internetsociety.org/
>
>
>
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>