[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Oct 24 16:03:07 CEST 2008
On Thu, Oct 23, 2008 at 09:14:04AM -0700, David Conrad <drc at virtualized.org> wrote a message of 44 lines which said: > IANA is planning on announcing the beta version of the IANA interim > trust anchor repository during the upcoming RIPE meeting. ITAR won't replace DLV because (correct me if I'm wrong), it will work only for TLDs. Many TLD won't be signed overnight (signing ".com" is not something to do lightly, ".fr" is not signed and has no detailed plan for DNSSEC yet, ".de" announced nothing, etc) so, EVEN IF THE ROOT IS SIGNED, we still need DLV. I manage sources.org. Without DLV, I would need signature of the root AND of ".org" AND cooperation from my registrar (which still does not allow AAAA glue, I wonder how long it will take them for allowing DS). With DLV, it works for every one who is too lazy, like Shane, to try to find the public key of my small vanity domain in a secure way.
[ dns-wg Archives ]