This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] DNSSEC Policy Development Process

Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
Next message (by thread): [dns-wg] DNSSEC Policy Development Process

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marcos Sanz/Denic sanz at denic.de
Tue Aug 23 17:52:06 CEST 2005

Jim,

> I personally think the reference to DLV needs to be replaced with
> something more generic

I concur.

> So from that perspective, it may be better if the text in the
> proposal was made more generic. Perhaps it should say something like
> "The NCC would consider publishing its KSKs in appropriate registries
> that may emerge to facilitate the establishment of DNSSEC trust
> anchors"?

I don't think that would be even necessary. The document already states "
Maintenance of these keys is a process that does not scale well. We are 
working to come up with a solution to this issue."

> how about establishing a trust anchor for .arpa
> and have the NCC's KSKs signed by that? 

Is .arpa signed?

Regards,
Marcos

Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
Next message (by thread): [dns-wg] DNSSEC Policy Development Process

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]