[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
David Conrad drc at virtualized.org
Sat Oct 25 18:37:01 CEST 2008
Stephane,

On Oct 24, 2008, at 7:03 AM, Stephane Bortzmeyer wrote:
>> IANA is planning on announcing the beta version of the IANA interim
>> trust anchor repository during the upcoming RIPE meeting.
> ITAR won't replace DLV because (correct me if I'm wrong), it will work
> only for TLDs.

It is true that IANA's iTAR will only accept trust information for TLDs. If the Internet community wants the IANA to support a more generalized TAR, I would think the normal course of action would be for DNSOP to put out an RFC with an IANA considerations section telling IANA what to do.

> EVEN IF THE ROOT IS SIGNED, we still need DLV.

I would agree that we will likely need some mechanism to distribute trust anchors for the various islands of trust that will continue to exist even after the root is signed. I will not go so far as to say we need DLV which I personally believe is non-scalable, non-standard, and imputes a highly questionable trust model into _every_ non-cached DNS lookup (sigh, another broken resolution).

> I manage sources.org. Without DLV, I would need signature of the
> root AND of ".org"

As you may be aware, PIR has already announced they're planning on signing .ORG. Based on empirical evidence, I suspect .ORG will be signed (and in the iTAR) before the root is signed.

> AND cooperation from my registrar (which still does not
> allow AAAA glue, I wonder how long it will take them for allowing DS).

You might want to consider changing registrars.

Regards,
-drc