[dns-wg] RIPE NCC DNSSEC trust anchors

On 18 Nov 2014, at 08:22, Romeo Zwart <romeo.zwart at ripe.net> wrote:

> There was an explicit suggestion on the list about using ripe.int as a
> 'lever' to get .int signed, hence my comment.

I think you are mistaken Romeo. Peter asked some meta issues on policy and procedural matters around the signing of .int: ie who is the governing body for the TLD and needs to be done to get them to sign it. He did not ask for the TLD to be signed. AFAICT nobody on the list has explicitly asked to get .int signed.

Anyways, this is somewhat off-point. Although it would be good to know the answer to those questions, it belongs in another thread.

Could we please return to the matter at hand:

[1] What DNS/web/whatever traffic goes to ripen.cc? If it's low, can this be killed? When?

[2] When was the utility of its DLV entry last assessed? What's the exit strategy for that? How often does its DLV name get validated and by whom/what?

[3] What DNS/web/whatever traffic goes to ripe.int? If it's low, can this be killed? When?

[4] When was the utility of its DLV entry last assessed? What's the exit strategy for that? How often does its DLV name get validated and by whom/what?

[5] What's the NCC's overall exit strategy for DLV?

FWIW I have still not seen any valid reason or meaningful daya explaining why the NCC still uses DLV.