[Dnssec-deployment] was Re: GI signatures expired

Dave Knight dave at knig.ht
Mon Jan 3 17:03:15 EST 2011


On 2011-01-03, at 2:22 PM, Paul Hoffman wrote:

> On 1/3/11 10:36 AM, Dave Knight wrote:
>> 
>> On 2011-01-03, at 12:23 PM, Chris Thompson wrote:
>> 
>>> On Jan 3 2011, Edward Lewis wrote:
>>> 
>>>> Why did you send this to the dnssec-deployment list?
>>> 
>>> Because it might be of general interest? Do you think that (say) the OARC
>>> mailing list would be more suitable for DNSSEC operational issues?
>>> 
>>> I would think that issues relating to DNSSEC teething pains (and Afilias
>>> are rather substantial contributors to the signed TLD count, so their
>>> troubles could become everyone's troubles) might be considered to fall
>>> under "deployment", but maybe list consensus is otherwise. Opinions
>>> solicited.
>> 
>> My opinion is that it's just good etiquette to try and report a problem to the operator first, save the naming and shaming for later if they somehow fail to satisfy.
> 
> Chris' original message was about a signature that was already expired. Thus, it's not "naming and shaming" as much as a warning to resolver operators *and* a note about deployment issues.


I tend to think about this stuff mostly from the authority server side of things, so I am curious as to what use this kind of warning is, would the operator of a validator take any action as the result of receiving it?

dave


More information about the Dnssec-deployment mailing list