Joe: I think you missed my point. In a PKI, when the issuer significantly changes the policy, subsequent certificates have a different policy identifier. I do not see a similar concept here. Russ On Jul 16, 2012, at 6:33 PM, Joe Abley wrote: > Hi Russ, > > On 2012-07-15, at 11:39, Russ Housley wrote: > >> Peter: >> >> Thanks for the review. I've not read this document yet, but you review raises a question in my mind. >> >> If a DNSSEC policy or practice statement is revised or amended, what actions are needed make other aware of the change? > > Each DPS contains these kinds of details. Guidance for how to write the corresponding DPS sections is included in this draft: > > 4.2. Publication and repositories > > The component describes the requirements for an entity to publish > information regarding its practices, public keys, the current status > of such keys together with details relating to the repositories in > which the information is held. This may include the responsibilities > of publishing the DPS and of identifying documents that are not made > publicly available owing to their sensitive nature, e.g. security > controls, clearance procedures, or business information. > > 4.2.1. Repositories > > This subcomponent describes the repository mechanisms used for making > information available to the stakeholders, and may include: > > o The locations of the repositories and the means by which they may > be accessed; > > o An identification of the entity or entities that operate > repositories, such as a zone operator or a TLD Manager; > > o Access control on published information objects. > > o Any notification services which may be subscribed to by the > stakeholders; > > > Joe >