After weeks of work discussing and addressing the concerns our
community have raised about the DNSSEC Practice Statement for .nz,
we’d like to present a new version of the document.
Version 1.1 is available at https://registry.internetnz.nz/dns/dnssec/dps/
The changes between Version 1.0 and Version 1.1 are posted at
https://registry.internetnz.nz/dns/dnssec/dps/ and also includes the
previous version in PDF format.
Minor changes have been made throughout the document.
The following sections have been updated with more information as
requested by the community
1.4. Document Management
4.1. Site Controls
4.3.3. Trusted individuals
4.4.5. Vulnerability assessments
4.6.1. Incident Detection and compromise handling procedures
7.1. Frequency of entity compliance audit
For the following sections we have made changes to our design to address
the concerns raised by the community
6.1. Key lengths and algorithms
4.3.1. Trusted roles
4.3.2. Number of persons required per task
We are still working on the Key Pair Generation procedures and it is our
intention to update that part of the DPS in the coming weeks and to also
publish more technical details on the Key Pair Generation Procedure. The
technical details will be released as a separate document that will also
include details of the scripts used.
The intention of the DPS document is to assist you in determining the
level of trust that you may assign to DNSSEC in the .nz domain and for
you to assess your own risk.
We’d like to encourage discussion around this new version of the
document. Please feel free to ask any questions about the DPS or provide
any suggestions for improvements to the document.