On 2 Aug 2024, at 02:34, Paul Hoffman <paul.hoffman@xxxxxxxxx> wrote: > On Jul 31, 2024, at 23:15, Joe Abley <jabley@xxxxxxxxxxxx> wrote: >> >> On 1 Aug 2024, at 02:29, Paul Hoffman <paul.hoffman@xxxxxxxxx> wrote: >> >>>> Is there implementation experience with the new format? What was the >>>> implementer feedback? >>> >>> We have heard informally that some implementers have added the new features with no problems, but they obviously can't test it until there is a new trust anchor file from IANA, and that's waiting on the standard to be published. >> >> Why obviously? > > Because they can't test whether a fake trust anchor is actually signing the root zone. Generally, the point of validation is to tell whether signatures are authentic. Everybody can test this. That's what validation is. >> The software that generates the file is not secret, and presumably there is equivalent hardware to that used in the KMF that is available for testing. It seems like it ought to be straightforward to generate some test files. Testing prior to first production use seems like a sensible thing to do. > > That would be testing whether the software could ingest a trust anchor file, not whether what it ingests would actually work. Since this document specifies the format of the trust anchor file, that seems like exactly the appropriate testing to do. Joe -- last-call mailing list -- last-call@xxxxxxxx To unsubscribe send an email to last-call-leave@xxxxxxxx