Joe:
I think you missed my point. In a PKI, when the issuer significantly changes
the policy, subsequent certificates have a different policy identifier. I do
not see a similar concept here.
Russ
On Jul 16, 2012, at 6:33 PM, Joe Abley wrote:
Hi Russ,
On 2012-07-15, at 11:39, Russ Housley wrote:
Peter:
Thanks for the review. I've not read this document yet, but you review
raises a question in my mind.
If a DNSSEC policy or practice statement is revised or amended, what actions
are needed make other aware of the change?
Each DPS contains these kinds of details. Guidance for how to write the
corresponding DPS sections is included in this draft:
4.2. Publication and repositories
The component describes the requirements for an entity to publish
information regarding its practices, public keys, the current status
of such keys together with details relating to the repositories in
which the information is held. This may include the responsibilities
of publishing the DPS and of identifying documents that are not made
publicly available owing to their sensitive nature, e.g. security
controls, clearance procedures, or business information.
4.2.1. Repositories
This subcomponent describes the repository mechanisms used for making
information available to the stakeholders, and may include:
o The locations of the repositories and the means by which they may
be accessed;
o An identification of the entity or entities that operate
repositories, such as a zone operator or a TLD Manager;
o Access control on published information objects.
o Any notification services which may be subscribed to by the
stakeholders;
Joe