To:
<dnssec@cafax.se>
From:
"Scott Rose" <scottr@antd.nist.gov>
Date:
Wed, 5 Dec 2001 11:20:21 -0500
Sender:
owner-dnssec@cafax.se
Subject:
Re: Where are we (metaphorically speaking)?
Speaking of where we are (and where we are going): Are we planning on another "DNSSEC pow-wow" during IETF? Scott ----- Original Message ----- From: "Bill Manning" <bmanning@zed.isi.edu> To: "Edward Lewis" <lewis@tislabs.com> Cc: <dnssec@cafax.se> Sent: Tuesday, December 04, 2001 7:29 PM Subject: Re: Where are we (metaphorically speaking)? > > 1) Securing the tree > > > > Issue #3 > > > > Adoption approaches. This refers to unsigned records and "opt-in." > > Haven't heard a lot on this in recent months. > > > Does this cover "gaps" in the validation heirarchy? > > > 2) Support for applications > > > Michael Richardsons draft was done outside the DNSSEC community. > > > 3) Operational considerations > > > > Issue #7 > > > > Root zone key management issues. (Root server engineers.) > > Being worked on. Have a working process for TSIG generation & > rollover. Testing of other issues is ongoing with the OTDR > project. (When will we see IAN? :) > > > > Issue #8 > > > > Updating crypto-specifications. I.e., change from HMAC-MD5 to HMAC-SHA-1, > > updates to DSA and Diffie Hellman. > > The FreeSwan folks want RSA. The larger issue would be how to discover > and use differences in crypto-specs used between zones. > > > Issue #10 > > > > DNSSEC interactions with Dynamic Update. Resigning zone data that hasn't > > been refreshed versus dropping data with expired signatures. > > Rumour has it that there is a closed testing session to be > held post-RIPE in January that will touch on this very issue. > > --bill