[dns-wg] root zone signing

Doug Barton wrote:
> bmanning at vacation.karoshi.com wrote:
>   
>> On Mon, Oct 20, 2008 at 05:26:12PM +0100, Jim Reid wrote:
>>     
>>> I appreciate that some people will feel that legal agreements are an  
>>> unavoidable consequence of signing. However that's a matter between  
>>> the each TLD (and its government?) and those co-ordinating the root.  
>>> There are no technical grounds for parent and child zones to have a  
>>> legal agreement underpinning their use of DNSSEC. So if a TLD wants to  
>>> have a signed delegation, they can do that with or without an  
>>> agreement or anything that could be viewed as an acceptance of the way  
>>> the root is managed today. If a TLD doesn't want to have a signed  
>>> delegation, then they don't have to. Nobody's being compelled to do  
>>> anything they don't want.
>>>       
>> 	well... as Lutz has demostrated, its often difficult to 
>> 	have a signed delegation and also be able to restrict whom
>> 	picks up your DNSKEY and plops it into their version of the parent
>> 	delegation.
>>     
>
> DNSKEY is just a Resource Record, just like NS. The same arguments
> apply to both, with equal meaning technically. People are applying
> meaning to DNSSEC-related stuff that it does not actully have. For
> some reason you are adding fuel to that fire.
>   

Doug,
please, change you mind - it is not just a Record. You will begin to use 
all the stuff that have different background in real - non network life with
all problems that it will arise.

Dima
>
> Doug
>
>