ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Last Call: draft-ietf-dnsext-rollover-requirements -- Comment submission

2007-01-22 09:01:55
from [Thierry Moreau] [Permanent Link] 
Dear IESG participants:
Now that the draft-ietf-dnsext-rollover-requirements comes to the IESG, I suspect the document should be reviewed with a broader perspective than the interoperability focus of the DNSEXT wg.
This draft is a requirements document that supports a protocol document, i.e. draft-ietf-dnsext-trustupdate-timers. In the DNSEXT wg, I objected to the requirements document, but acknowledged that the protocol document seems coherent with the requirements as documented.
In this context, I bring to the IESG three questions about the draft-ietf-dnsext-rollover-requirements:
(A) Is the redefinition of IPR procedures in a working group requirements document an acceptable precedent in IETF governance? See the text of document section 5.2 which was instrumental in the adoption of the protocol document by the DNSEXT wg.
(B) ICANN (with the assistance of its IANA operating entity and DNS root operators) is the foremost operator for the protocol to be adopted by the IETF for automated DNSSEC trust anchor key rollover. Was the ICANN perspective taken into account in the document development process to the satisfaction fo the IESG?
(C) In the later phase of DNSEXT wg activities in this area, an IESG member expressed concerns about the absence of a security model in the protocol document (see comment by Eric Rescorla at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01027.html and replies by Mike St-Johns at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01036.html and myself at http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg01038.html). Does the IESG perspective call for a greater attention to a formal security foundation in the requirements specifications phase as well?
Despite my personal reservations about the DNSEXT wg process that brought the two drafts to their current state, e.g. question (A) above, I do not challenge the fact that rough consensus was reached at the wg level. Thus, the above three questions would be relevant to the extent that the IESG perspective may be more encompassing than the wg one.
Thanks for your attention to the DNSSEC protocol extension project; in any event, it remains a fascinating application scheme for public key digital signatures. 

Best regards,

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry(_dot_)moreau(_at_)connotech(_dot_)com


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Last Call: draft-ietf-dnsext-rollover-requirements -- Comment submission, Thierry Moreau <=
Previous by Date:  Re: Last Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions for Distributed Authoring - WebDAV) to Proposed Standard, Geoffrey M Clemm
Next by Date:  RE: MUST implement AES-CBC for IPsec ESP, Russ Housley
Previous by Thread:  RE: Last Call: draft-ietf-webdav-rfc2518bis (HTTP Extensions for Distributed Authoring - WebDAV) to Proposed Standard, Kevin Wiggen
Next by Thread:  Re: submitting an ID, Noel Chiappa
Indexes:  [Date] [Thread] [Top] [All Lists]