On 06/10/2011 01:27 PM, Dean Pemberton wrote:
On 10/06/11 9:51 AM, Michael Newbery wrote:
Very true, and the reason I'm far less interested in deeper background checks on the officers and more in favour of processes that reduce the vulnerability to the suborning of a single or even two officers.
That seems as good a time as any to address one of the other issues.
You mentioned in one of your earlier emails "What ensures that the processes are followed?" I've also suggested that there be TCRs at least present if not involved.
Might it help if Jay/Sebastian posted as much detail as they feel comfortable with around the proposed processes (a script would be great) and then people can give feedback.
By the moment we are not comfortable sharing the Key Generation script because is not in Production-Ready state. We will publish the document before generating the keys though. I'd like to clarify the Key Generation process, from its inception, includes the presence of External Witnesses. This is inspired by the Key Ceremony script used for the root zone, but with the adjustment needed to suit our needs and specific deployment. Cheers,
Regards Dean
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Sebastian Castro DNS Specialist .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 495 2337 mobile: +64 21 400535