[Dnssec-deployment] was Re: GI signatures expired

Dave Knight dave at knig.ht
Mon Jan 3 17:03:15 EST 2011

On 2011-01-03, at 2:22 PM, Paul Hoffman wrote:

> On 1/3/11 10:36 AM, Dave Knight wrote:
>> On 2011-01-03, at 12:23 PM, Chris Thompson wrote:
>>> On Jan 3 2011, Edward Lewis wrote:
>>>> Why did you send this to the dnssec-deployment list?
>>> Because it might be of general interest? Do you think that (say) the OARC
>>> mailing list would be more suitable for DNSSEC operational issues?
>>> I would think that issues relating to DNSSEC teething pains (and Afilias
>>> are rather substantial contributors to the signed TLD count, so their
>>> troubles could become everyone's troubles) might be considered to fall
>>> under "deployment", but maybe list consensus is otherwise. Opinions
>>> solicited.
>> My opinion is that it's just good etiquette to try and report a problem to the operator first, save the naming and shaming for later if they somehow fail to satisfy.
> Chris' original message was about a signature that was already expired. Thus, it's not "naming and shaming" as much as a warning to resolver operators *and* a note about deployment issues.

I tend to think about this stuff mostly from the authority server side of things, so I am curious as to what use this kind of warning is, would the operator of a validator take any action as the result of receiving it?


More information about the Dnssec-deployment mailing list