Last Call: draft-ietf-dnsext-rollover-requirements -- Comment submission

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear IESG participants:

Now that the draft-ietf-dnsext-rollover-requirements comes to the IESG, I suspect the document should be reviewed with a broader perspective than the interoperability focus of the DNSEXT wg.

This draft is a requirements document that supports a protocol document, i.e. draft-ietf-dnsext-trustupdate-timers. In the DNSEXT wg, I objected to the requirements document, but acknowledged that the protocol document seems coherent with the requirements as documented.

In this context, I bring to the IESG three questions about the draft-ietf-dnsext-rollover-requirements:

(A) Is the redefinition of IPR procedures in a working group requirements document an acceptable precedent in IETF governance? See the text of document section 5.2 which was instrumental in the adoption of the protocol document by the DNSEXT wg.

(B) ICANN (with the assistance of its IANA operating entity and DNS root operators) is the foremost operator for the protocol to be adopted by the IETF for automated DNSSEC trust anchor key rollover. Was the ICANN perspective taken into account in the document development process to the satisfaction fo the IESG?

(C) In the later phase of DNSEXT wg activities in this area, an IESG member expressed concerns about the absence of a security model in the protocol document (see comment by Eric Rescorla at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01027.html and replies by Mike St-Johns at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01036.html and myself at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01038.html). Does the IESG perspective call for a greater attention to a formal security foundation in the requirements specifications phase as well?

Despite my personal reservations about the DNSEXT wg process that brought the two drafts to their current state, e.g. question (A) above, I do not challenge the fact that rough consensus was reached at the wg level. Thus, the above three questions would be relevant to the extent that the IESG perspective may be more encompassing than the wg one.

Thanks for your attention to the DNSSEC protocol extension project; in any event, it remains a fascinating application scheme for public key digital signatures.

Best regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@xxxxxxxxxxxxx


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]