[dnssec-key-tf] requirement for "empty TA"?

Previous message: [dnssec-key-tf] requirement for "empty TA"?

Next message: [dnssec-key-tf] requirement for "empty TA"?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Reid
Mon Jun 9 11:42:17 CEST 2008

On 9 Jun 2008, at 09:59, Peter Koch wrote:

> there's a difference between the TLD registry not submitting a key,  
> so there's
> no statement in the TAR and the TLD registry explicitly saying the  
> TLD is
> unsigned, so there must not be a key.

IMO, a TAR can't ever say a TLD is unsigned*. That would be making a  
subjective and possibly political judgement that is best avoided. A  
TAR can say "I don't know of a TA for this TLD" or even "there might  
be a TA for it at some other TAR". But that's it.

*And yes, I know that if the TA is invalid or has expired, the TAR  
could be saying a TLD is unsigned because the TAR knows it doesn't  
have a valid key for the TLD any more. But this takes the thread  
meandering off in a far too theoretical direction. It's like wondering  
whether a tree falling in forest makes  sound if no-one is there to  
hear it.
Do we really need to bother about such hypotheticals?

Previous message: [dnssec-key-tf] requirement for "empty TA"?

Next message: [dnssec-key-tf] requirement for "empty TA"?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Dnssec-key-tf Archive ]