[dnssec-key-tf] agreements on the use of the repository
Jim Reid
Fri Sep 7 15:15:20 CEST 2007
On Sep 7, 2007, at 13:33, Peter Koch wrote:

> If we start with someone else but IANA, how would this entity
> authenticate the TLD contact?

Peter, what makes you think IANA can authenticate the TLD contact? Very few ccTLDs have signed agreements with ICANN/IANA. And even when there is an agreement in place, the authentication is at best flimsy. I got .tel into the root with nothing more than a handful of plain text emails: no PGP signatures, no certificates, nada. One of those emails included a template that told IANA where they were to send their email about delegation matters. The whole process was much more lightweight than getting the NCC to redelegate some chunk of in-addr.arpa.

I think this key repository needs to have some sort of self-authenticating bootstrap, i.e. IF you lodge some private key with the repository AND there's a corresponding public key for that in the TLD zone file THEN the repository trusts you. For some definition of trust.
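
One way a repository could run the check proposed above, as an added example that is not part of the original message or any task-force code: it assumes what is lodged is a DS-style record (key tag, algorithm, SHA-256 digest) and tests it against the DNSKEY set at the TLD apex. The function names and key bytes are constructed for illustration, and the result is only as trustworthy as the path used to fetch the zone's keys.

```python
import hashlib
import hmac
import struct

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA in wire format (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lower-case) wire form of the owner name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_for(owner, rdata):
    """(key tag, algorithm, SHA-256 digest) for one DNSKEY, as in a DS record."""
    digest = hashlib.sha256(owner_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], digest

def repository_accepts(owner, lodged, zone_dnskeys):
    """True if a zone key published at the TLD apex matches the lodged record."""
    for rdata in zone_dnskeys:
        flags = struct.unpack("!H", rdata[:2])[0]
        if not flags & 0x0100:  # Zone Key bit must be set
            continue
        tag, alg, digest = ds_for(owner, rdata)
        if (tag, alg) == tuple(lodged[:2]) and hmac.compare_digest(
            digest, lodged[2].lower()
        ):
            return True
    return False

# Constructed sample data: placeholder key bytes, not real TLD keys.
KSK = dnskey_rdata(257, 3, 8, b"\x01\x02\x03\x04")
ZSK = dnskey_rdata(256, 3, 8, b"\x05\x06\x07\x08")
LODGED = ds_for("tel.", KSK)  # what the TLD operator would lodge

if __name__ == "__main__":
    # zone_dnskeys stands in for the DNSKEY RRset fetched from the TLD apex
    print(LODGED[:2], repository_accepts("TEL.", LODGED, [ZSK, KSK]))
```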