This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] root zone signing
- Previous message (by thread): [dns-wg] root zone signing
- Next message (by thread): [dns-wg] root zone signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Doug Barton
dougb at dougbarton.us
Mon Oct 20 20:53:12 CEST 2008
bmanning at vacation.karoshi.com wrote: > On Mon, Oct 20, 2008 at 05:26:12PM +0100, Jim Reid wrote: >> I appreciate that some people will feel that legal agreements are an >> unavoidable consequence of signing. However that's a matter between >> the each TLD (and its government?) and those co-ordinating the root. >> There are no technical grounds for parent and child zones to have a >> legal agreement underpinning their use of DNSSEC. So if a TLD wants to >> have a signed delegation, they can do that with or without an >> agreement or anything that could be viewed as an acceptance of the way >> the root is managed today. If a TLD doesn't want to have a signed >> delegation, then they don't have to. Nobody's being compelled to do >> anything they don't want. > > well... as Lutz has demostrated, its often difficult to > have a signed delegation and also be able to restrict whom > picks up your DNSKEY and plops it into their version of the parent > delegation. DNSKEY is just a Resource Record, just like NS. The same arguments apply to both, with equal meaning technically. People are applying meaning to DNSSEC-related stuff that it does not actually have. For some reason you are adding fuel to that fire. Doug
- Previous message (by thread): [dns-wg] root zone signing
- Next message (by thread): [dns-wg] root zone signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]