This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] revised text for NTIA response - v4
- Previous message (by thread): [dns-wg] revised text for NTIA response - v4
- Next message (by thread): [dns-wg] revised text for NTIA response - v4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Mon Nov 3 17:22:39 CET 2008
On Mon, Nov 03, 2008 at 04:12:02PM +0000, Jim Reid wrote: > On Nov 3, 2008, at 16:05, bmanning at vacation.karoshi.com wrote: > > >>10. The organisation that generates the root zone file must hold the > >>private part of the zone signing key. > >> > > > > the imperative in this point is made with zero justification. > > why the "must hold"? > > Well, it will be hard to sign the root if the entity that generates > the zone hasn't got access to the private part of the ZSK. thats hardly true - unless the presumptive argument is that the generator also signs. going w/ your earlier thread, the pragmatic approach (get the zoen signed this decade) is exactly down that line of argument. I, however, am taking a slightly divergent POV. I think it si required to create a third party to generate/hold/use the keys (some blend of options #3 and #6 in the graphics) a strictly technical solution would be to eliminate two of the three parties currently involved. there is no technical reason things are structured they way they are today. there are sound political reasons to create a new structure, one that does not assemble the data or publish the data but simply attests to the data. anyway, point 10 woudl be clearer if the reason fo rthe must was made explicit. --bill
- Previous message (by thread): [dns-wg] revised text for NTIA response - v4
- Next message (by thread): [dns-wg] revised text for NTIA response - v4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]