To: Edward Lewis <lewis@tislabs.com>
Cc: dnssec@cafax.se
From: Bill Manning <bmanning@zed.isi.edu>
Date: Tue, 4 Dec 2001 16:29:18 -0800
In-Reply-To: <v03130309b832ba724181@[199.171.39.21]>; from lewis@tislabs.com on Tue, Dec 04, 2001 at 01:44:30PM -0500
Sender: owner-dnssec@cafax.se
Subject: Re: Where are we (metaphorically speaking)?

> 1) Securing the tree
>
> Issue #3
>
> Adoption approaches. This refers to unsigned records and "opt-in."
> Haven't heard a lot on this in recent months.

Does this cover "gaps" in the validation hierarchy?

> 2) Support for applications
> Michael Richardson's draft was done outside the DNSSEC community.
> 3) Operational considerations
>
> Issue #7
>
> Root zone key management issues. (Root server engineers.)

Being worked on. Have a working process for TSIG generation & rollover. Testing of other issues is ongoing with the OTDR project. (When will we see IAN? :)

> Issue #8
>
> Updating crypto-specifications. I.e., change from HMAC-MD5 to HMAC-SHA-1,
> updates to DSA and Diffie Hellman.

The FreeSwan folks want RSA. The larger issue would be how to discover and use differences in crypto-specs used between zones.

> Issue #10
>
> DNSSEC interactions with Dynamic Update. Resigning zone data that hasn't
> been refreshed versus dropping data with expired signatures.

Rumour has it that there is a closed testing session to be held post-RIPE in January that will touch on this very issue.

--bill