About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

[dns-wg] NTIA and RIPE

  • From: Patrik Fältström paf@localhost
  • Date: Wed, 29 Oct 2008 15:01:19 +0400
  • Authentication-results: ams-dkim-2; header.From=paf@localhost dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
  • Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1375; t=1225278101; x=1226142101; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=paf@localhost z=From:=20=3D?ISO-8859-1?Q?Patrik_F=3DE4ltstr=3DF6m?=3D=20<p af@localhost |Subject:=20NTIA=20and=20RIPE |Sender:=20; bh=f2hanqjvPbz93AZ+y5OevNgWpr5wv2vg10W/eLQMKd0=; b=ux/pk807U6HIlG6C/2n2UeuIwNsgUPyESCWXvvDyYmaqC7hdHvE2Ggj61v AQTEvLtSa9PVRiuBrlccw/yy9JgzpEZdPnnodjCn9fTjdQkozhCGMsKWmB3r YzDwZmkPoT;
On request, now as text. The original is the PDF though, so I do not guarantee this version is exactly like the current version on PDF. I hope so though! 

   Patrik -- that missed lunch...see some of you in the desert

RIPE and NTIA
29th of October 2008
A - DNSSEC is about data authenticity and integrity and not about control.
B - The addition of DNSSEC to the root zone must be recognised as a global initiative.
C - Addition of DNSSEC must be done in a way that the deployment of DNS is not at risk. 

D - Deployment should be done in a timely but not hasty manner.
E - Any procedural changes introduced by DNSSEC should be aligned with the process for coordinating changes to and the distribution of the root zone.
F - Policies and processes for signing the root zone should make it easy for TLDs to participate.
G - There is no technical justification to create a new organisation to oversee the process of signing of the root.
H - No data should be moved between organisations without appropriate authenticity and integrity checking.
I - The public part of the KSK must be distributed as widely as possible.
J - The organisation that creates the zone file must hold the private part of the ZSK.
K - Changes to the entities and roles in the signing process must not require a change of keys.
Post To The List:

Replies

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community