This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] DNSSEC Policy Development Process

Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
Next message (by thread): [dns-wg] DNSSEC Policy Development Process

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Fri Aug 26 22:26:28 CEST 2005

>>>  Is .arpa signed?
>> No. But it should be orders of magnitude easier to do that than get 
>> DLV to fly.
>> :-) In principle IAB could sign .arpa tomorrow, assuming someone was able
>> and willing to hold its KSKs.
> Don't forget "in-addr.arpa." and "ip6.arpa." - they delegate some of 
> NCC's zones.

and don't forget that this does not scale.

manual coordination to maintain trusted keys for 292 tlds just
does not work.  and that assumes that the tlds are signed, not
counting all the thrid and ninth level zones that make noise
when the zones above them are not signed.

this does not fly until the root is signed.  and that does not
fly until there is a key management plan and technology for it.

randy

Previous message (by thread): [dns-wg] DNSSEC Policy Development Process
Next message (by thread): [dns-wg] DNSSEC Policy Development Process

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]