Hi Florian, Thanks for the feed back. One motivation for this document was to provide guidance to deploy a DNSSEC resolver and implicitly encourage those not doing it already. I think that your comment was very helpful as it clearly indicated that we were achieving the opposite of what we were aiming at. I also think that your comment put new light on previously received comments we received. We largely re-focused the document to mention what an operator should do and remove (unclear) discussions of what could be done, but cannot be done. I hope the current version of the draft provides a much more positive message.
Yours, Daniel On Wed, Jun 7, 2023 at 1:38 PM Florian Obser <florian+i...@narrans.de> wrote: > On 2023-06-07 13:08 -04, Tim Wicinski <tjw.i...@gmail.com> wrote: > > Just a reminder we're looking for any feedback on continuing work on this > > document. The Chairs/OverLord Warren feel significant work on this > > document is needed, but that may not be relevant. > > The document seems to have a rather pessimistic view on running a > validator. It has this huge list of things that an operator has to do > and does not assign any importance to them - everything seems to be > equally important. > > If I were to read this as the person responsible for running the > recursive resolver at an enterprise or at an ISP I'd think: That sounds > like effort and incredibly fragile, it's probably best to not enable > validation. > > It would be nice to have an informational RFC on the topic, but I'm not > convinced this is it. Maybe Andrew's suggestion to split this up is the > way forward. Maybe have one document with minimum requirements (correct > time, stuff like that) and take it from there. > > > > > We're wrapping this feedback up this Sunday 11 June. > > > > (and Thanks Andrew for your comments) > > > > tim > > -- > In my defence, I have been left unsupervised. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- Daniel Migault Ericsson
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop