[dnssec-key-tf] requirement for "empty TA"?

Next message: [dnssec-key-tf] requirement for "empty TA"?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch
Sun Jun 8 23:24:35 CEST 2008

Folks,

our job is basically done and the letter to IANA eventually on its way,
but since we're all here, here's an idea for an additional requirement:

Inspired by the RSTEP report on PIR's ORG signing proposal, should
the TAR differentiate between "no TA present" and "no TA exists"?
The TAR, even the IANA one, will likely not claim to be exhaustive
since it is opt-in only. However, when a TA is removed from the TAR,
the consuming validator has no idea what to to with that particular
TLD. It could continue to use the old TA, assuming that the distribution
channel was just abandoned or it could remove the TA from its configuration.
So, without assessing the PIR exit strategy, would it be a resonable
additional requirement for the TAR to allow for a NUL TA that means
"no TA here" or "TA deliberately revoked"?

-Peter

Next message: [dnssec-key-tf] requirement for "empty TA"?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Dnssec-key-tf Archive ]