Hi,

http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-02

is available for review and comment. This represents my take on how to perform trust-anchor management for a validator without having a system update mechanism (which works with unsafe DNS).

I have incorporated substantial comments and feedback.

o From Ted Lemon, fixed the 'poison one upstream server' attack.
o From Bert Hubert, fixed the 'history in reverse' attack.
o From Ed Lewis, fixed so keys do not 'last forever'.
o From Mark Andrews, considerations for 5011 revocation.
o From Steve Crocker, easy to test.
o From Bill Manning, can work on its own.
o From Wolfgang Nagele, zone owner advertising and 30 days tweakable.
o From Olaf Kolkman, made the text easier to understand.

And more, sorry if I forgot here.

There is exactly one open issue:

o Publication of expired RRSIGs. [ various people, Ed Lewis, Olaf Kolkman ]

This specification puts expired RRSIGs into the DNS and expects them to be delivered. What about 'smart' boxes that remove expired signatures?

I think that boxes are not allowed to remove 'expired' signatures. This is why we have the CD flag. Is this good to put into dnssec-bis-updates?

One solution may be a new 'HISTORICAL_RRSIG' type, which needs a new type allocation, where perhaps RRSIG serves perfectly fine. Also, RRSIG is sent with a DNSKEY answer; HISTORICAL_RRSIG causes extra queries to get it.

Best regards,
Wouter

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
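An added illustration of the open issue, not code from the draft or from the mail's author: a Python model of a validator walking a published key history from a stale anchor, where the historical steps are verified with expired RRSIGs (which is why a path element dropping them breaks the walk) while only the final, live step gets the normal validity-window check. The keyed hash standing in for DNSSEC public-key signatures, and the step rules (expired historical RRSIGs accepted, strictly increasing inception times against a reversed history), are this model's assumptions, not the draft's text.

```python
import hashlib
from collections import namedtuple
from datetime import datetime, timezone

# Toy DNSKEY/RRSIG stand-ins (constructed): a keyed hash replaces the real
# public-key signature, since only the time handling matters for the model.
Key = namedtuple("Key", "tag secret")
Sig = namedtuple("Sig", "signer_tag inception expiration mac")

def sign(key, rrset, inception, expiration):
    data = (repr(sorted(k.tag for k in rrset)) + inception.isoformat()
            + expiration.isoformat()).encode()
    return Sig(key.tag, inception, expiration,
               hashlib.sha256(key.secret + data).digest())

def crypto_ok(key, rrset, sig):
    """Cryptographic check only: deliberately ignores the validity window."""
    return (sig.signer_tag == key.tag
            and sign(key, rrset, sig.inception, sig.expiration).mac == sig.mac)

def walk_history(anchor, history, now):
    """history: [(dnskey_rrset, rrsig), ...] oldest first, each RRset signed by
    a key of the previous one. Returns the current trusted keys, or None."""
    trusted, prev = {anchor}, None
    for rrset, sig in history:
        signer = next((k for k in trusted if k.tag == sig.signer_tag), None)
        if signer is None or not crypto_ok(signer, rrset, sig):
            return None
        # Historical steps accept expired RRSIGs (so dropping them on the path
        # breaks the walk); inception must move forward, blocking reverse replay.
        if prev is not None and sig.inception <= prev.inception:
            return None
        trusted, prev = set(rrset), sig
    # The final step is live data and gets the normal validity-window check.
    if prev is None or not (prev.inception <= now <= prev.expiration):
        return None
    return trusted

def demo():
    """Constructed rollover K1 -> K2 -> K3, validator still anchored on K1."""
    d = lambda y, m: datetime(y, m, 1, tzinfo=timezone.utc)
    k1, k2, k3 = Key(1, b"k1"), Key(2, b"k2"), Key(3, b"k3")
    steps = [({k1, k2}, sign(k1, {k1, k2}, d(2011, 6), d(2011, 7))),  # expired
             ({k2, k3}, sign(k2, {k2, k3}, d(2012, 6), d(2012, 7))),  # expired
             ({k3}, sign(k3, {k3}, d(2013, 1), d(2013, 2)))]          # current
    now = datetime(2013, 1, 15, tzinfo=timezone.utc)
    backwards = [steps[0], ({k1, k2}, sign(k2, {k1, k2}, d(2010, 1), d(2010, 2)))]
    ok = walk_history(k1, steps, now)
    return (sorted(k.tag for k in ok) if ok else None,
            walk_history(k1, backwards, now))
```

demo() accepts the chain of two expired signatures and lands on K3, and rejects the history whose second step runs backwards in time.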
Is available for review and comment. This represents my take on how to perform trust-anchor management for a validator without having a system update mechanism (which works with unsafe DNS). I have incorporated substantial comments and feedback. o From Ted Lemon, Fixed the 'poison one upstream server'-attack. o From Bert Hubert, Fixed the 'history in reverse'-attack. o From Ed Lewis, Fixed so keys do not 'last forever'. o From Mark Andrews, considerations for 5011-revocation. o From Steve Crocker, Easy to test. o From Bill Manning, can work on its own. o From Wolfgang Nagele, zone owner advertising and 30days tweakable. o From Olaf Kolkman, made the text easier to understand. And more, sorry if I forgot here. There is exactly one open issue: o Publication of expired RRSIGs. [ various people, Ed Lewis, Olaf Kolkman ] This specification puts expired RRSIGs into the DNS and expects them to be delivered. What about 'smart' boxes that remove expired signatures? I think that boxes are not allowed to remove 'expired' signatures. This is why we have the CD flag. This is good to put into dnssec-bis-updates? One solution may be a 'HISTORICAL_RRSIG' new type. Which needs a new type allocation, where perhaps RRSIG serves perfectly fine. Also RRSIG is sent with a DNSKEY answer. HISTORICAL_RRSIG causes extra queries to get it. Best regards, Wouter _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop