Re: [DNSOP] Expiration impending:

On 28 Sep 2015, at 4:59, Joe Abley wrote: Hi all, We don't seem to be getting anywhere with this draft. (Jakob is going to bump it to -12; there have been no real updates apart from the version bump in I appreciate that the methods described in this document are not universally liked. I ha

Re: [DNSOP] Expiration impending:

On 28 Sep 2015, at 12:35, Paul Hoffman wrote: We could do that, but the RFC should probably not be published for at least another six months due to terminology / politics / IANAPLAN, so we don't need to rush the WG LC either. For example, the draft uses the phrase "an IANA function performed

Re: [DNSOP] Expiration impending:

On Sep 29, 2015, at 2:53 AM, Shane Kerr wrote: >> On Mon, Sep 28, 2015 at 07:59:00AM -0400, Joe Abley wrote: >>> This document describes existing practice, and provides guidance for >>> people who need to bootstrap a validator using the mechanisms provided >>> by ICANN back in 2009/2010 when the r

Re: [DNSOP] Expiration impending:

Hi, Just took a whirlwind tour through correspondence to date on this draft, need to review more closely. On Sep 29, 2015, at 2:21 PM, David Conrad wrote: > On Sep 29, 2015, at 2:53 AM, Shane Kerr wrote: >>> On Mon, Sep 28, 2015 at 07:59:00AM -0400, Joe Abley wrote: This document describ

Re: [DNSOP] Expiration impending:

Hi, On Oct 2, 2015, at 9:10 AM, Suzanne Woolf wrote: Preempting a WGLC, I support the document. It states its aim of documenting existing practices, and it does so clearly. >>> >>> I agree completely. I am actually confused as to why it is not already >>> an RFC. >> >> +1 I've since

Re: [DNSOP] Expiration impending:

All, Your co-chair is a little confused. On Oct 4, 2015, at 2:00 PM, David Conrad wrote: > I've since been told that the draft doesn't actually document current > practice (don't know the details), so this probably needs to be fixed. What "needs to be fixed"? That the draft doesn't document c

Re: [DNSOP] Expiration impending:

> Your co-chair is a little confused. Sorry about that. On Oct 4, 2015, at 2:00 PM, David Conrad wrote: >> I've since been told that the draft doesn't actually document current >> practice (don't know the details), so this probably needs to be fixed. > > What "needs to be fixed"? That the draf

Re: [DNSOP] Expiration impending:

Hi David, On 4 Oct 2015, at 14:00, David Conrad wrote: > On Oct 2, 2015, at 9:10 AM, Suzanne Woolf wrote: > Preempting a WGLC, I support the document. It states its aim of > documenting existing practices, and it does so clearly. I agree completely. I am actually confused as t

Re: [DNSOP] Expiration impending:

On 4 okt. 2015, at 20:27, Suzanne Woolf wrote: > On Oct 4, 2015, at 2:00 PM, David Conrad wrote: > >> I've since been told that the draft doesn't actually document current >> practice (don't know the details), so this probably needs to be fixed. > > What "needs to be fixed"? That the draft do

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 8:50, Jakob Schlyter wrote: On 4 okt. 2015, at 20:27, Suzanne Woolf wrote: On Oct 4, 2015, at 2:00 PM, David Conrad wrote: I've since been told that the draft doesn't actually document current practice (don't know the details), so this probably needs to be fixed. What

Re: [DNSOP] Expiration impending:

On 5 okt. 2015, at 15:08, Paul Hoffman wrote: >> As far as I'm aware, the document does document current practice. > > It does not. It describes a mixture of some of the current practice and some > aspirational hopes for how things might be done. Further, it is incomplete in > many aspects. I

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 9:32, Jakob Schlyter wrote: The document goes well beyond describing the files, and this is where it fails. Further, the files are not the only way that the trust anchor is published, so the document is fairly incomplete. Trust anchors may be published in other ways, but IMH

Re: [DNSOP] Expiration impending:

Given that the title and abstract of this document disagree with what many people here have said they want the document to discuss, if the WG adopts this work item, please adopt an exact description of what is wanted with the expectation that this draft could be changed to fit the description.

Re: [DNSOP] Expiration impending:

Hi Paul, On 5 Oct 2015, at 9:52, Paul Hoffman wrote: Given that the title and abstract of this document disagree with what many people here have said they want the document to discuss, if the WG adopts this work item, please adopt an exact description of what is wanted with the expectation th

Re: [DNSOP] Expiration impending:

every time I post a reply to a thread I think a million kittens (for herding) are born Joe, so it evens out. Here's another kitten to kill... Something very left field for me, but I believe important, is that we need to also publish the out-of-band publication point of the trust material. I menti

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 10:42, George Michaelson wrote: > Something very left field for me, but I believe important, is that we need > to also publish the out-of-band publication point of the trust material. This draft is exclusively concerned with publishing trust anchors out-of-band of the protoco

Re: [DNSOP] Expiration impending:

If its on the internet, its not out of band. On Mon, Oct 5, 2015 at 9:55 AM, Joe Abley wrote: > > > On 5 Oct 2015, at 10:42, George Michaelson wrote: > > > Something very left field for me, but I believe important, is that we > need > > to also publish the out-of-band publication point of the tr

Re: [DNSOP] Expiration impending:

better versed in that subject. -Rick From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of George Michaelson Sent: Monday, October 5, 2015 8:07 AM To: Joe Abley Cc: dnsop WG ; Paul Hoffman Subject: Re: [DNSOP] Expiration impending: If its on the internet, its not out of band. On Mon

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 11:06, George Michaelson wrote: > If its on the internet, its not out of band. Then there's no out-of-band (by your use of the phrase) distribution of trust anchors today. I think it's fair to say that your understanding of the phrase is not universal, incidentally, in age wh

Re: [DNSOP] Expiration impending:

op-boun...@ietf.org] *On Behalf Of *George > Michaelson > *Sent:* Monday, October 5, 2015 8:07 AM > *To:* Joe Abley > *Cc:* dnsop WG ; Paul Hoffman > *Subject:* Re: [DNSOP] Expiration impending: > > > > > If its on the internet, its not out of band. > > > &g

Re: [DNSOP] Expiration impending:

On 10/5/15, 9:37, "DNSOP on behalf of Tim Wicinski" wrote: >Could ICANN not document what they do now ? In there world of "there's so many things to do" - a few weeks back, off-list, there was a start of a discussion to alter the list of editors (namely, add me) of the draft. Aside - if I reca

Re: [DNSOP] Expiration impending:

Out of band was discussed very early on with DNSSEC. John Gilmore and I talked about it at the INET’98 conference. A problem is transitive trust. At some point you leave the DNS trust hierarchy and have to trust assertions in a different trust domain. Sometimes several other trust domains… I t

Re: [DNSOP] Expiration impending:

A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomplete. If instead the document is supposed to be about current ICANN publication only, then the doc

Re: [DNSOP] Expiration impending:

Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomplete. I am confused by that. The KSK maint

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by resolver software developers, is woefully incomp

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 16:43, Paul Hoffman wrote: On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most common KSK publication practice, that is, by

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 17:00, Joe Abley wrote: On 5 Oct 2015, at 16:43, Paul Hoffman wrote: On 5 Oct 2015, at 16:12, Joe Abley wrote: Hi Paul, On 5 Oct 2015, at 15:35, Paul Hoffman wrote: A document called "DNSSEC Trust Anchor Publication for the Root Zone" that says nothing about the most com

Re: [DNSOP] Expiration impending:

On 5 Oct 2015, at 17:16, Paul Hoffman wrote: On 5 Oct 2015, at 17:00, Joe Abley wrote: OK, I agree they are templates. I disagree that it makes sense to publish URLs that refer to just the key label used by the currently active KSK. That would make this document inaccurate as soon as a KS

Re: [DNSOP] Expiration impending:

For BIND is is essentially useless as we use DNSKEYs as our trust anchors. You can go from a DNSKEY to a DS record. You can't go from a DS record to a DNSKEY, you can only select from a set of DNSKEYs the one or more (not that I expect that to ever happen) that matches a DS. If you are going to

Re: [DNSOP] Expiration impending:

Moin! On 5 Oct 2015, at 17:42, Suzanne Woolf wrote: All, First, thanks to the engaging on this. On Oct 5, 2015, at 5:20 PM, "Joe Abley" wrote: Perhaps it's time to sit back and wait for others here to express an opinion. I'd like to hear opinions from others in the WG with an operationa

Re: [DNSOP] Expiration impending:

it might be useful to review/consider how the IETF NOMCOM does or did its selections. At one point, they used, as a salt, stock values as published on a particular date and time. the USG does the same type of thing with the CBD. …

Re: [DNSOP] Expiration impending:

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 05/10/15 23:42, Suzanne Woolf wrote: > All, > > First, thanks to the engaging on this. > > On Oct 5, 2015, at 5:20 PM, "Joe Abley" > wrote: >> >> Perhaps it's time to sit back and wait for others here to >> express an opinion. > > I'd li

Re: [DNSOP] Expiration impending:

On Mon, Oct 05, 2015 at 09:39:06AM -0400, Paul Hoffman wrote: > Fully agree. That is why this should not be an IETF document, and instead it > should be written and published by the organization that is responsible for > the formats and publication methods. I don't really care how this happens, bu

Re: [DNSOP] Expiration impending:

Hi, > On Oct 8, 2015, at 9:40 AM, Andrew Sullivan wrote: > > On Mon, Oct 05, 2015 at 09:39:06AM -0400, Paul Hoffman wrote: >> Fully agree. That is why this should not be an IETF document, and instead it >> should be written and published by the organization that is responsible for >> the formats

Re: [DNSOP] Expiration impending:

On Thu, Oct 08, 2015 at 10:06:47AM -0700, David Conrad wrote: > > What am I missing? >From my POV, nothing. Paul seemed to be suggesting that the current arrangements should be published somehow other than as "an IETF document". Maybe he meant "send it up the Independent Submissions editor with

Re: [DNSOP] Expiration impending:

On 8 Oct 2015, at 11:08, Andrew Sullivan wrote: On Thu, Oct 08, 2015 at 10:06:47AM -0700, David Conrad wrote: What am I missing? From my POV, nothing. Paul seemed to be suggesting that the current arrangements should be published somehow other than as "an IETF document". Maybe he meant "

Re: [DNSOP] Expiration impending:

In the past, when organizations found themselves in the same situation that ICANN seems to find itself in here (at least as outlined by yourself, below) they have done what ICANN has done and is trying to do now, which is to pass the document on to a neutral third party for “safe keeping”. One

Re: [DNSOP] Expiration impending:

>In the past, when organizations found themselves in the same situation that >ICANN seems to find itself in here >(at least as outlined by yourself, below) >they have done what ICANN has done and is trying to do now, which is to pass >the document on to a neutral third >party for �safe keeping�.

Re: [DNSOP] Expiration impending:

Suzanne, > (Jonne Soininen is the current liaison manager, cc'd). Jonne's email address looks suspiciously like Andrew's :) > This sounds like you'd be OK with publishing the document as an Informational > RFC, Yes. > mod making sure it's accurate as a current description, Most important and

Re: [DNSOP] Expiration impending:

perhaps… I think (well it used to work this way) that regardless of HOW it comes under IETF purview, once it does, it is no longer under the change control of the submitting organization. manning bmann...@karoshi.com PO Box 6151 Playa del Rey, CA 90296 310.322.8102 On 8October2015Thursda

Re: [DNSOP] Expiration impending:

On 8 Oct 2015, at 22:25, manning wrote: perhaps… I think (well it used to work this way) that regardless of HOW it comes under IETF purview, once it does, it is no longer under the change control of the submitting organization. I think this is a bit of a red herring. When we published RFC

Re: [DNSOP] Expiration impending:

On 9October2015Friday, at 4:41, Joe Abley wrote: > > > On 8 Oct 2015, at 22:25, manning wrote: > >> perhaps… I think (well it used to work this way) that regardless of HOW it >> comes under IETF purview, once it does, >> it is no longer under the change control of the submitting organizati

Re: [DNSOP] Expiration impending:

On 9 Oct 2015, at 12:20, manning wrote: On 9October2015Friday, at 4:41, Joe Abley wrote: Aside from the motivation to provide a useful technical specification in a place where it can be easily found, I continue to feel that it is important that significant infrastructural elements of the In

Re: [DNSOP] Expiration impending:

On Fri, Oct 09, 2015 at 07:41:38AM -0400, Joe Abley wrote: > > When we published RFC 7108 as an independent submission there was no > suggestion that the IETF expected to wield change control over the > operations of L-Root. Independent submissions are not IETF products. I think that's what Bill

Re: [DNSOP] Expiration impending:

...@ietf.org] On Behalf Of W.C.A. Wijngaards Sent: Tuesday, October 6, 2015 1:53 AM To: dnsop@ietf.org Subject: Re: [DNSOP] Expiration impending: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 05/10/15 23:42, Suzanne Woolf wrote: > All, > > First, thanks to the engaging on this

Re: [DNSOP] Expiration impending:

nce would be useful for implementers like > myself. -Rick > > > -Original Message- > From: DNSOP [mailto:dnsop-boun...@ietf.org ] On Behalf Of > W.C.A. Wijngaards > Sent: Tuesday, October 6, 2015 1:53 AM > To: dnsop@ietf.org > Subject: Re: [DNSOP] Expiration imp