[dns-wg] root zone signing
- Previous message (by thread): [dns-wg] root zone signing
- Next message (by thread): [dns-wg] root zone signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Doug Barton
dougb at dougbarton.us
Mon Oct 20 20:53:12 CEST 2008
bmanning at vacation.karoshi.com wrote: > On Mon, Oct 20, 2008 at 05:26:12PM +0100, Jim Reid wrote: >> I appreciate that some people will feel that legal agreements are an >> unavoidable consequence of signing. However that's a matter between >> the each TLD (and its government?) and those co-ordinating the root. >> There are no technical grounds for parent and child zones to have a >> legal agreement underpinning their use of DNSSEC. So if a TLD wants to >> have a signed delegation, they can do that with or without an >> agreement or anything that could be viewed as an acceptance of the way >> the root is managed today. If a TLD doesn't want to have a signed >> delegation, then they don't have to. Nobody's being compelled to do >> anything they don't want. > > well... as Lutz has demostrated, its often difficult to > have a signed delegation and also be able to restrict whom > picks up your DNSKEY and plops it into their version of the parent > delegation. DNSKEY is just a Resource Record, just like NS. The same arguments apply to both, with equal meaning technically. People are applying meaning to DNSSEC-related stuff that it does not actually have. For some reason you are adding fuel to that fire. Doug
- Previous message (by thread): [dns-wg] root zone signing
- Next message (by thread): [dns-wg] root zone signing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]