On Jul 31, 2024, at 23:15, Joe Abley <jabley@xxxxxxxxxxxx> wrote: > > On 1 Aug 2024, at 02:29, Paul Hoffman <paul.hoffman@xxxxxxxxx> wrote: > >>> Is there implementation experience with the new format? What was the >>> implementer feedback? >> >> We have heard informally that some implementers have added the new features with no problems, but they obviously can't test it until there is a new trust anchor file from IANA, and that's waiting on the standard to be published. > > Why obviously? Because they can't test whether a fake trust anchor is actually signing the root zone. > The software that generates the file is not secret, and presumably there is equivalent hardware to that used in the KMF that is available for testing. It seems like it ought to be straightforward to generate some test files. Testing prior to first production use seems like a sensible thing to do. That would be testing whether the software could ingest a trust anchor file, not whether what it ingests would actually work. > Similarly, it seems like testing the adequacy of the standard before it is published is the right the order to do things. It's much harder to correct ambiguity after publication than before. Of course. We'd be happy if anyone was doing that testing now. --Paul Hoffman -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx
