[DNSOP] Re: Call for adoption: draft-fobser-dnsop-dnssec-keyrestore-01 (Ends 2026-02-27)

Fri, 13 Feb 2026 13:26:27 -0800 

Hi  -
I do not support adoption of this draft.  It appears to be a solution in search of a problem and a very complex solution as far as that goes.  Among other things, the chances of a private key becoming unavailable during its lifetime given reasonable operational practices approaches zero.  Spending WG time on this does not appear to be a good investment of the groups time. 

Mike




On 2/13/2026 07:07, Peter Thomassen via Datatracker wrote:

This message starts a dnsop WG Call for Adoption of:
draft-fobser-dnsop-dnssec-keyrestore-01

This Working Group Call for Adoption ends on 2026-02-27

Abstract:
    This document describes the issues surrounding the handling of DNSSEC
    private keys in a DNSSEC signer.  It presents operational guidance in
    case a DNSSEC private key becoming inoperable.

Discussion Venues

    This note is to be removed before publishing as an RFC.

    Discussion of this document takes place on the Domain Name System
    Operations Working Group mailing list ([email protected]), which is
    archived at https://mailarchive.ietf.org/arch/browse/dnsop/.

    Source for this draft and an issue tracker can be found at
    https://github.com/fobser/draft-fobser-dnsop-dnssec-keyrecovery.

Please reply to this message and indicate whether or not you support adoption
of this Internet-Draft by the dnsop WG. Comments to explain your preference
are greatly appreciated. Please reply to all recipients of this message and
include this message in your response.

Authors, and WG participants in general, are reminded of the Intellectual
Property Rights (IPR) disclosure obligations described in BCP 79 [2].
Appropriate IPR disclosures required for full conformance with the provisions
of BCP 78 [1] and BCP 79 [2] must be filed, if you are aware of any.
Sanctions available for application to violators of IETF IPR Policy can be
found at [3].

Thank you.
[1] https://datatracker.ietf.org/doc/bcp78/
[2] https://datatracker.ietf.org/doc/bcp79/
[3] https://datatracker.ietf.org/doc/rfc6701/

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-fobser-dnsop-dnssec-keyrestore/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-fobser-dnsop-dnssec-keyrestore-01.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-fobser-dnsop-dnssec-keyrestore-01

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]



_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]






















					Reply via email to