[dns-wg] revised text for NTIA response - v4
bmanning at vacation.karoshi.com
Mon Nov 3 17:22:39 CET 2008
On Mon, Nov 03, 2008 at 04:12:02PM +0000, Jim Reid wrote:
> On Nov 3, 2008, at 16:05, bmanning at vacation.karoshi.com wrote:
>
> >>10. The organisation that generates the root zone file must hold the
> >>private part of the zone signing key.
> >>
> >
> > the imperative in this point is made with zero justification.
> > why the "must hold"?
>
> Well, it will be hard to sign the root if the entity that generates
> the zone hasn't got access to the private part of the ZSK.

that's hardly true - unless the presumptive argument is that the generator also signs. going w/ your earlier thread, the pragmatic approach (get the zone signed this decade) is exactly down that line of argument.

I, however, am taking a slightly divergent POV. I think it is required to create a third party to generate/hold/use the keys (some blend of options #3 and #6 in the graphics)

a strictly technical solution would be to eliminate two of the three parties currently involved. there is no technical reason things are structured the way they are today. there are sound political reasons to create a new structure, one that does not assemble the data or publish the data but simply attests to the data.

anyway, point 10 would be clearer if the reason for the must was made explicit.

--bill