This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] NTIA and RIPE
- Previous message (by thread): [dns-wg] NTIA and RIPE
- Next message (by thread): [dns-wg] Planned maintenance for ns.ripe.net, 4 November 08
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Lamb
richard.lamb at icann.org
Thu Oct 30 16:27:33 CET 2008
Thank you for the clarification. I agree with your interpretation completely. A link to the dns-wg archives in whatever statement comes out of this would be useful to avoid misinterpretation of any of the items. Sorry for being such an engineer in my comments. Having been a part of the (relatively minor) politics, it seems we should just go for the most secure engineering solution. Guess I have a lot to learn. -Rick -----Original Message----- From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On Behalf Of Shane Kerr Sent: Thursday, October 30, 2008 5:13 AM To: Richard Lamb Cc: dns-wg at ripe.net Subject: Re: [dns-wg] NTIA and RIPE On Wed, 2008-10-29 at 15:15 -0700, Richard Lamb wrote: > > > > E - Any procedural changes introduced by DNSSEC should be aligned with the > > process for coordinating changes to and the distribution of the root zone. > > > >In some interpretations of B & E, these two could be conflicting. I.e., B implies > >that the current state of root zone management is too centered in the US, E evokes > >a message encouraging the status quo. > > > >Mind you - I am not commenting on B or E, but my reading of the two leaves come > >confusion in my mind. Perhaps I am misunderstanding B and/or >E as it is presented > >here. > > I take B to mean we want the global Internet community to use and trust it. > ..and yes control and operation that is less US centric. > > Thank you for "translating" E. It does evoke the current state of > affairs which unfortunately do not best serve DNSSEC (even envisioned > in [1]) and contradictory with B. I dont believe anyone is suggesting > changing the current distribution mechnism for the root zone...only > changing the creation of that zone to secure it and its new contents > effectively. The how and who should be up to the community the root > serves. > > IMHO E needs to be removed. > > It refers to a "process" that is by no means favored by the whole > community nor frozen in stone. Why build it into DNSSEC? I have yet > to understand the drivers behind E as there are any number of ways to > achieve the same "balance" while simlifying and securing the process. > Given the will, making such changes does not take a long time. In a > previous life in government I have seen greater issues settled, > contracts written, and even $$ doled out in less than a month. All > depended on what level pressure is applied. > > Its your root. Design it and make sure it is what you want. IIRC, the idea is that adding DNSSEC is independent of any changes to the root system. DNSSEC is largely technical. Reform of the root system is largely political. The two should not be entangled any more than is necessary. This can only result in slowing one or the other down, and confusing what should be viewed as separate goals. Nothing in any of these points should suggest that the process of signing the root cannot be changed. Quite the opposite! If the way the root zone is managed changes, then item E actually means that the signing process should change right along with it. -- Shane
- Previous message (by thread): [dns-wg] NTIA and RIPE
- Next message (by thread): [dns-wg] Planned maintenance for ns.ripe.net, 4 November 08
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]