[dnssec-deployment] Discussion document for 14 July 2004 meeting
steven.cheung at sri.com
Thu Jul 15 14:42:24 EDT 2004
I think the document presents a very nice first cut for
a framework of the DNSSEC deployment roadmap.
I especially like the decomposition of the
DNSSEC deployment problem into "functional cycles",
which are more manageable and relate to various
activities that people of different roles will
perform to deploy DNSSEC.
As for suggestions, it seems that clarification/refinement
for the goal (Section 1) and for the "concepts" (Section 3)
The goal appears to be written with the folks in
the DNSSEC deployment working group in mind.
Although universal deployment of DNSSEC is a lofty
goal, using it outside the working group (or even
inside the group :) might trigger resistance.
I like Mike StJohn's suggestion of qualifying the
lookup requests to those that ask for DNSSEC.
It might be useful to refine the notation of
"concepts" to better describe their roles.
From the list of concepts shown in Section 4.1,
it appears that one may partition them into
different types---some are like "prerequisites" for a
functional cycle such as relevant keys are distributed,
some are like configuration parameters or attributes
such as site-specific policy and zone status(?),
some pertain to the environment or assumptions such as DNS threats,
and some may be considered as triggers for a functional
cycle such as the expiration of a key.
Using a more fine-grained classification of the concepts
(e.g., prerequisites) might also be useful to better
describe the relationships among functional cycles.
For example, the "Trust anchor configuration cycle" provides
trust anchors that are consumed by the "Lookup cycle".
Amy Friedlander wrote:
> Good afternoon. Please find attached the working document that
> reflects the discussions that have taken place around formulating the
> roadmap document. Please consider this documentation of work in
> progress and please do not circulate it beyond the group. That said,
> and recognizing that it is a substantial document to think through, it
> would be helpful if you might give some thought to the following:
> (1) What works and what's missing from a technical perspective?
> (2) How would we tailor the message to different audiences? And
> who are these audiences?
> (3) Is the list of issues (section 5) sufficient? What's missing?
> Does the proposed the format for the responses work? Namely, -a cogent
> expansion of the term that frames the question; history; current
> status, relation to other issues; next steps; name the major protagonists.
> I'll be taking notes. . . .
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnssec-deployment