About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] DNSSEC Policy Development Process

  • To: Edward Lewis <
    >
  • From: Randy Bush <
    >
  • Date: Fri, 26 Aug 2005 10:26:28 -1000
  • Cc: Jim Reid <
    >, Marcos Sanz/Denic <
    >, 
>>>  Is .arpa signed?
>> No. But it should be orders of magnitude easier to do that than get 
>> DLV to fly.
>> :-) In principle IAB could sign .arpa tomorrow, assuming someone was able
>> and willing to hold its KSKs.
> Don't forget "in-addr.arpa." and "ip6.arpa." - they delegate some of 
> NCC's zones.

and don't forget that this does not scale.

manual coordination to maintain trusted keys for 292 tlds just
does not work.  and that assumes that the tlds are signed, not
counting all the thrid and ninth level zones that make noise
when the zones above them are not signed.

this does not fly until the root is signed.  and that does not
fly until there is a key management plan and technology for it.

randy
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community