[dnssec-key-tf] agreements on the use of the repository

On Thu, 13 Sep 2007, Daniel Karrenberg wrote:

> Fully agree with all your points but this one:
>
> On 12.09 19:23, Sam Weiler wrote:
>>
>> Location: we should be talking about a service to be run by the NCC.
>> Even if IANA does (or might someday) run such a service, redundancy is
>> useful.
>
> We need to have good arguments for that, because at the last RIPE meeting
> there was considerable push-back and I thought that this push-back
> was due to many people thinking that IANA should do this if they
> cannot get the signing done. The thinking behind that was that
> IANA already has the agreements and relationships in place to do this,
> i.e. authenticate TLD admins. The RIPE NCC would have to build these
> relationships. Not that it is difficult but it is another duplication.
> Whether this can be sold as good redundancy is a qestion.

When I wrote that paragraph, I had been inspired by this text from 
you:

> Location: very preferably IANA itself.  If that ccannot be achieved
> RIPE NCC requiring simple MoUs with each TLD concerned. Explicit 
> intention by RIPE NCC to turn service over to IANA when IANA is 
> ready to perform it.

I think we would be well served to not fret too much about the distant 
future (e.g. "when IANA is ready") and instead focus on "what do we 
want today".

I'm a fan of IANA running a TAR (trust anchor repository), and I'm
happy to see RIPE ask IANA to do so.  (I'm also trying to get the IETF 
to instruct IANA to run one via the dlv-iana draft.)

But if that's our only path forward, we risk having IANA drop the 
ball, which doesn't serve the community.  I think we're best served 
by, in parallel, asking IANA to run a TAR and setting one up at the 
NCC.

Would it be most productive for this task force to focus on the 
NCC-run option for the moment?

-- Sam