Re: Implementation work done on DNSSEC trust anchor key rollover solution
# In the solution space for trust anchor key rollover, there are two
# individual Internet drafts:
#
# http://www.ietf.org/internet-drafts/...sdda-rr-01.txt
# http://www.ietf.org/internet-drafts/...rem-dns-01.txt
and there's the mstjohns draft, and the ihren/kolkman draft, and my slides
which i may yet turn into a draft, and the unpublished "requirements draft".
# Implementation work has been done, so that updated software tools are now
# available (GPL'ed free software). See
to reiterate from the most recent dnsext meeting, GPL isn't adequate for ISC
nor for any member of the BIND Forum who has spoken up or been asked about
it. unless takrem's specification is released without IPR limitations, so
that dnsext can rewrite it any way they want to and implementors can put it
into products without worrying about patents or licensing, we'll ignore it.
# This update includes a complete solution for DNS zone management
# procedures (i.e. trust anchor key management and DNS authoritative
# nameserver operations), and an API for TAKREM support in DNSSEC-aware
# resolver software.
truly, the quality of this implementation sounds very high indeed. it's a
shame that the IPR limitations on takrem have poisoned it before the outset.
# The software development planning aspects are covered in two documents,
# respectively for the server side at
# http://www.connotech.com/trustanchfoundry_09.pdf and the client side at
# If the DNSSEC security services are important enough to deserve good
# trust anchor key procedures, here they are.
they are that important, but takrem has self-deselected from the solution
space for non-quality reasons.
i admire the heck out of the document and implementation quality, and the
marketing push behind it. but there are other workable solutions which do
not depend on patented technology, and speaking now as president of ISC, as
an implementor of BIND, and as a member of the DNS protocol development
community, i am committed to helping bring about an IPR-free solution.
which means, apparently, that i have to turn my slide set into an I-D -- the
WG's plan for a requirements draft having now fallen by the wayside, it's
going to be a free for all and i need to get my own dog into this fight. (sad.)