[dns-wg] root zone signing
Dmitry Burkov dburk at burkov.aha.ru
Mon Oct 20 22:07:30 CEST 2008
Doug Barton wrote: > bmanning at vacation.karoshi.com wrote: > >> On Mon, Oct 20, 2008 at 05:26:12PM +0100, Jim Reid wrote: >> >>> I appreciate that some people will feel that legal agreements are an >>> unavoidable consequence of signing. However that's a matter between >>> the each TLD (and its government?) and those co-ordinating the root. >>> There are no technical grounds for parent and child zones to have a >>> legal agreement underpinning their use of DNSSEC. So if a TLD wants to >>> have a signed delegation, they can do that with or without an >>> agreement or anything that could be viewed as an acceptance of the way >>> the root is managed today. If a TLD doesn't want to have a signed >>> delegation, then they don't have to. Nobody's being compelled to do >>> anything they don't want. >>> >> well... as Lutz has demostrated, its often difficult to >> have a signed delegation and also be able to restrict whom >> picks up your DNSKEY and plops it into their version of the parent >> delegation. >> > > DNSKEY is just a Resource Record, just like NS. The same arguments > apply to both, with equal meaning technically. People are applying > meaning to DNSSEC-related stuff that it does not actully have. For > some reason you are adding fuel to that fire. > Doug, please, change you mind - it is not just a Record. You will begin to use all the stuff that have different background in real - non network life with all problems that it will arise. Dima > > Doug > >
[ dns-wg Archives ]