[rssac-caucus] Results of caucus review of the RSSAC Report on Root zone TTLs
Dear RSSAC Caucus,
Thank you for your feedback on the TTL document. The editors studied all the comments received from RSSAC Caucus, RSSAC and from ICANN on this report, and addressed all of them.
Attached please find a revised version of the document. The major changes in this revision are:
1) moved the problem statement to the introduction to properly motivate the discussion.
2) added a section describing a lab experiment to prove the signature validity problem can really happen.
3) explained the (rare) conditions under which signature validity problems could occur.
4) added caucus member's input on mitigation options.
5) editorial changes throughout the document for factual corrections.
Please see four documents:
1) clean, REDLINE (word and PDF) version of the latest advisory.
2) a document listing how each comment is addressed by the editors.
With that, thank you very much for your input. Please let us know if there is any additional feedback that you have on this document. Duane will solicit further feedback from root server operators. Our goal is to finalize this document by IETF 93 and send it to RSSAC for action.
Best, Steve
Hi,
Thank you for addressing the comments. It is also very convenient to have the new version and the "how comments are addressed" document.
I think it is pretty important to note that TTL values are not so much documented, so maybe something similar to the editor response below could be placed in the intro or in section 3.
"Editors’ Response: RFC 1033 has a section on TTLs, which we reference toward the end. Based on my familiarity with the RFCs I do not expect that we’ll find more any specific advice to DNS operators in general, nor for the root zone in particular."
I agree with the responses. My response to comment 11's response would be: I agree that the figure is clear. What I meant was that a "formal" relation between TTL values would be helpful to implement a checkzone test to somehow validate the root zone. Here is comment 11:
11) section 6.4.1 Is there any reason the relation between the different Time is not expressed. SOA_Expire + NS_TTL <= ZSK_validity
Editors’ Response: I’m not sure I understand the question. I think Figure 7 is clear.
Hope it helps,
BR, Daniel
On Tue, Jul 7, 2015 at 10:32 PM, Steve Sheng <steve.sheng@icann.org> wrote:
Dear RSSAC Caucus,
Thank you for your feedback on the TTL document. The editors studied all the comments received from RSSAC Caucus, RSSAC and from ICANN on this report, and addressed all of them.
Attached please find a revised version of the document. The major changes in this revision are:
1) moved the problem statement to the introduction to properly motivate the discussion.
2) added a section describing a lab experiment to prove the signature validity problem can really happen.
3) explained the (rare) conditions under which signature validity problems could occur.
4) added caucus member’s input on mitigation options.
5) editorial changes throughout the document for factual corrections.
Please see four documents:
1) clean, REDLINE (word and PDF) version of the latest advisory.
2) a document listing how each comment is addressed by the editors.
With that, thank you very much for your input. Please let us know if there is any additional feedback that you have on this document. Duane will solicit further feedback from root server operators. Our goal is to finalize this document by IETF 93 and send it to RSSAC for action.
Best, Steve
-- Daniel Migault Ericsson 8400 boulevard Decarie Montreal, QC H4P 2N2 Canada Phone: +1 514-452-2160