
Re: [Gen-art] Gen-ART review of draft-ietf-dnsop-dnssec-dps-framework-08

2012-07-18 13:10:14

On 2012-07-18, at 11:49, Russ Housley wrote:

> So a DNSSEC signer starts under one set of documents, and then for whatever
> reason, the policy changes and the parties validating the signature have no
> means to determine that the signer is following a new policy.

They have means, they just don't have a way of deriving a specific policy from 
a specific DNSKEY. The available means are documented in the DPS.

> So I am missing the value of the policy to the parties that rely on these
> signatures.

Your suggestion is that if there's no way to get to the policy just from the
contents of a DNSKEY RR, there's no point publishing a policy at all?


Joe