Trust Anchor Update Requirements for DNSSEC - PowerPoint PPT Presentation

About This Presentation
Title:

Trust Anchor Update Requirements for DNSSEC

Description:

Steve Crocker, Howard Eland, Russ Mundy. 21 Mar 06. IETF-65/dnsext Rollover Req mundy_at_tislabs.com ... Multiple proposals on the table' for trust anchor rollover ... – PowerPoint PPT presentation

Number of Views:51
Avg rating:3.0/5.0
Slides: 19
Provided by: rus108
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Trust Anchor Update Requirements for DNSSEC


1
Trust Anchor Update Requirements for DNSSEC
  • Russ Mundy
  • mundy_at_sparta.com, mundy_at_tislabs.com
  • for the editors
  • Steve Crocker, Howard Eland, Russ Mundy

2
Short Background
  • Multiple proposals on the table for trust
    anchor rollover
  • During dnsext meeting at IETF-64, working group
    decided that various proposals were solving
    different problems
  • We need a Requirements Document
  • Editors Volunteered
  • WG Co-chairs directed WG to send trust anchor
    rollover requirements directly to editors

3
Short Background (cont.)
  • Small number of requirements stated at Vancouver
    WG meeting
  • Editors ground rules
  • Editors would not look at any proposed solutions
    while creating the ID
  • Editors would not include any of their
    requirements in the 00 ID
  • Editors received very few requirements inputs
    after the meeting

4
Short Background (cont.)
  • The editors were LATE producing the document
    (sorry)
  • Individual requirements ID was published a short
    time before the initial WG ID was complete

5
Rollover Req Current State
  • Two requirements documents published as IDs
  • Much discussion of WG ID on the list
  • 10 requirements identified in WG ID
  • 100 messages since 21 Feb announcement of ID
  • Initial discussion centered completeness of ID
  • Comments about definitions containing
    requirements
  • Hilarie Orman provided contrast with individual
    ID
  • Approximately 90 messages dealing with one issue
  • Small number (10) messages related to another
    requirement

6
Rollover Req Current State (cont.)
  • Individual submission ID published shortly before
    WG ID
  • ID lists 10 requirements
  • Compare contrast later in presentation
  • Small amount of discussion on the list
  • Comments made centered on concerns
    about the availability /or encumbrance of takrem

7
WG ID Requirements State
  • 5.1 Scalability
  • no discussion
  • text may be acceptable
  • 5.2 No Intellectual Property Encumbrance
  • HUGE amount of discussion
  • Seem to have sufficient words
  • 5.3 General Applicability
  • minimal discussion
  • text may be acceptable

8
WG ID Requirements State (cont.)
  • 5.4 Support Private Networks
  • no discussion
  • text may be acceptable
  • 5.5 Support Reconnecting Systems
  • minimal discussion - length of time needed to
    support re-connecting off-line systems needs to
    be decided
  • descriptive text may be acceptable

9
WG ID Requirements State (cont.)
  • 5.6 Manual Operations Permitted
  • Moderate amount of discussion
  • Not clear if current text captures requirement
  • May result in more than one requirement
    particularly WRT mandatory to implement
  • 5.7 Planned and Unplanned Rollovers
  • minimal discussion
  • text may be acceptable

10
WG ID Requirements State (cont.)
  • 5.8 Timeliness
  • no discussion
  • text may be acceptable
  • 5.9 High Availability
  • no discussion yet but some is needed
  • basic text may be acceptable
  • 5.10 New RR Types
  • no discussion yet but some is needed
  • basic text may be acceptable

11
(No Transcript)
12
WG ID General Comments
  • Comment Definitions contain embedded
    requirements
  • Response May be correct but content of
    definitions was developed by the editors who
  • Avoided putting their own requirements in ID
  • needed more terminology than was defined in RFC
    4033
  • Text provided already will be included in 01

13
General Comment
  • Comment Comparison of Individual ID WG ID by
    Hilarie Orman
  • Each document has good points
  • Neither document is complete
  • Response Desires of WG are not clear
  • Minimal discussion on list WRT comparison
  • No statements of support or opposition to
    suggestion that requirements are incomplete

14
General Comment (cont.)
  • Tried to extract specific requirements from
    individual ID but didnt succeed
  • Not clear that Hilaries abstraction matched
    authors intent for the requirement
  • ID describes defines a number of operational
    practices that are normally local policy in
    IETF specifications
  • ID seems to define security requirements that
    extend well beyond trust anchor rollover
  • These may be needed but thats beyond the scope
    of the current Trust Anchor rollover requirements
    document
  • Usage of some terms seems inconsistent with
    RFC-4033

15
General Comment (cont.)
  • Seeking input from the WG
  • Do folks see requirements in the individual ID
    that should be included in the WG ID?
  • Are folks willing to provide text?
  • From a broader perspective, do folks believe
    there are requirements that are not currently in
    the WG ID?
  • (Personal comment, I really think there must be
    but as an editor, I dont want to invent them)

16
Whats Next?
  • Publish an 01 version that incorporates current
    revisions
  • Hoping to send 01 to ID editor by the end of next
    week
  • Plea from the editors for more discussion on
    current or new requirements
  • Discussion on one challenging requirement seems
    to have consensus
  • There are currently nine others that we need to
    be sure we reach consensus on quickly.
  • If you like some requirement /or wording, say so
  • If you dont, say that also but please provide
    text

17
Other Comments, Questions or Suggestions?
18
Other Comments, Questions or Suggestions?
Write a Comment
User Comments (0)
About PowerShow.com