[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?

Stephane,

On Oct 24, 2008, at 7:03 AM, Stephane Bortzmeyer wrote:
>> IANA is planning on announcing the beta version of the IANA interim
>> trust anchor repository during the upcoming RIPE meeting.
> ITAR won't replace DLV because (correct me if I'm wrong), it will work
> only for TLDs.

It is true that IANA's iTAR will only accept trust information for  
TLDs.  If the Internet community wants the IANA to support a more  
generalized TAR, I would think the normal course of action would be  
for DNSOP to put out an RFC with an IANA considerations section  
telling IANA what to do.

> EVEN IF THE ROOT IS SIGNED, we still need DLV.

I would agree that we will likely need some mechanism to distribute  
trust anchors for the various islands of trust that will continue to  
exist even after the root is signed.  I will not go so far as to say  
we need DLV which I personally believe is non-scalable, non-standard,  
and imputes a highly questionable trust model into _every_ non-cached  
DNS lookup (sigh, another broken resolution).

> I manage sources.org. Without DLV, I would need signature of the  
> root AND of ".org"

As you may be aware, PIR has already announced they're planning on  
signing .ORG.  Based on empirical evidence, I suspect .ORG will be  
signed (and in the iTAR) before the root is signed.

> AND cooperation from my registrar (which still does not
> allow AAAA glue, I wonder how long it will take them for allowing DS).

You might want to consider changing registrars.

Regards,
-drc