1. Trust Anchor Update Requirements for DNSSEC Russ Mundy mundy@sparta.com, mundy@tislabs.com for the editors Steve Crocker, Howard Eland, Russ Mundy

2. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 2 Short Background Multiple proposals ‘on the table’ for trust anchor rollover During dnsext meeting at IETF-64, working group decided that various proposals were solving different problems –We need a Requirements Document Editors Volunteered –WG Co-chairs directed WG to send trust anchor rollover requirements directly to editors

3. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 3 Short Background (cont.) Small number of requirements stated at Vancouver WG meeting Editors’ “ground rules” –Editors would not look at any proposed solutions while creating the ID –Editors would not include any of their requirements in the 00 ID Editors received very few requirements inputs after the meeting

4. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 4 Short Background (cont.) The editors were LATE producing the document (sorry) Individual requirements ID was published a short time before the initial WG ID was complete

5. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 5 Rollover Req Current State Two requirements documents published as ID’s –Much discussion of WG ID on the list 10 requirements identified in WG ID 100 messages since 21 Feb announcement of ID Initial discussion centered ‘completeness’ of ID –Comments about definitions containing requirements –Hilarie Orman provided contrast with individual ID Approximately 90 messages dealing with one issue Small number (~10) messages related to another requirement

6. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 6 Rollover Req Current State (cont.) Individual submission ID published shortly before WG ID –ID lists 10 requirements –Compare & contrast later in presentation –Small amount of discussion on the list Comments made centered on concerns about the availability &/or encumbrance of takrem

7. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 7 WG ID Requirements State 5.1 Scalability –no discussion –text may be acceptable 5.2 No Intellectual Property Encumbrance –HUGE amount of discussion –Seem to have sufficient words 5.3 General Applicability –minimal discussion –text may be acceptable

8. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 8 WG ID Requirements State (cont.) 5.4 Support Private Networks –no discussion –text may be acceptable 5.5 Support Reconnecting Systems –minimal discussion - length of time needed to support re-connecting off-line systems needs to be decided –descriptive text may be acceptable

9. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 9 WG ID Requirements State (cont.) 5.6 Manual Operations Permitted –Moderate amount of discussion –Not clear if current text captures requirement –May result in more than one requirement particularly WRT ‘mandatory to implement’ 5.7 Planned and Unplanned Rollovers –minimal discussion –text may be acceptable

10. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 10 WG ID Requirements State (cont.) 5.8 Timeliness –no discussion –text may be acceptable 5.9 High Availability –no discussion yet but some is needed –basic text may be acceptable 5.10 New RR Types –no discussion yet but some is needed –basic text may be acceptable

11. WG Rollover Requirements Summary Req # Concept & Details Probably Okay Concept Okay - Details Need Work Requirement Needs Work 5.1X 5.2X 5.3X 5.4X 5.5X 5.6X 5.7X 5.8X 5.9X 5.10X

12. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 12 WG ID General Comments Comment: “Definitions contain embedded requirements” –Response: May be correct but content of definitions was developed by the editors who: Avoided putting their own requirements in ID needed more terminology than was defined in RFC 4033 –Text provided already will be included in 01

13. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 13 General Comment Comment: Comparison of Individual ID & WG ID by Hilarie Orman –Each document has good points –Neither document is complete Response: Desires of WG are not clear –Minimal discussion on list WRT comparison –No statements of support or opposition to suggestion that requirements are “incomplete”

14. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 14 General Comment (cont.) Tried to extract specific requirements from individual ID but didn’t succeed: –Not clear that Hilarie’s abstraction matched author’s intent for the requirement –ID describes & defines a number of operational practices that are normally ‘local policy’ in IETF specifications –ID seems to define security requirements that extend well beyond trust anchor rollover These may be needed but that’s beyond the scope of the current Trust Anchor rollover requirements document –Usage of some terms seems inconsistent with RFC-4033

15. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 15 General Comment (cont.) Seeking input from the WG: –Do folks see requirements in the individual ID that should be included in the WG ID? Are folks willing to provide text? –From a broader perspective, do folks believe there are requirements that are not currently in the WG ID? (Personal comment, I really think there must be but as an editor, I don’t want to ‘invent’ them)

16. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 16 What’s Next? Publish an 01 version that incorporates current revisions –Hoping to send 01 to ID editor by the end of next week Plea from the editors for more discussion on current or new requirements –Discussion on one challenging requirement seems to have consensus –There are currently nine others that we need to be sure we reach consensus on quickly. If you like some requirement &/or wording, say so If you don’t, say that also but please provide text

17. Other Comments, Questions or Suggestions?

18. 21 Mar 06IETF-65/dnsext Rollover Req mundy@tislabs.com 18 Other Comments, Questions or Suggestions?