This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
- Previous message (by thread): [dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
- Next message (by thread): [dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Conrad
drc at virtualized.org
Sat Oct 25 18:37:01 CEST 2008
Stephane, On Oct 24, 2008, at 7:03 AM, Stephane Bortzmeyer wrote: >> IANA is planning on announcing the beta version of the IANA interim >> trust anchor repository during the upcoming RIPE meeting. > ITAR won't replace DLV because (correct me if I'm wrong), it will work > only for TLDs. It is true that IANA's iTAR will only accept trust information for TLDs. If the Internet community wants the IANA to support a more generalized TAR, I would think the normal course of action would be for DNSOP to put out an RFC with an IANA considerations section telling IANA what to do. > EVEN IF THE ROOT IS SIGNED, we still need DLV. I would agree that we will likely need some mechanism to distribute trust anchors for the various islands of trust that will continue to exist even after the root is signed. I will not go so far as to say we need DLV which I personally believe is non-scalable, non-standard, and imputes a highly questionable trust model into _every_ non-cached DNS lookup (sigh, another broken resolution). > I manage sources.org. Without DLV, I would need signature of the > root AND of ".org" As you may be aware, PIR has already announced they're planning on signing .ORG. Based on empirical evidence, I suspect .ORG will be signed (and in the iTAR) before the root is signed. > AND cooperation from my registrar (which still does not > allow AAAA glue, I wonder how long it will take them for allowing DS). You might want to consider changing registrars. Regards, -drc
- Previous message (by thread): [dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
- Next message (by thread): [dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]