[dns-wg] NTIA and RIPE
- Previous message (by thread): [dns-wg] NTIA and RIPE v3
- Next message (by thread): [dns-wg] NTIA and RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Patrik Fältström
paf at cisco.com
Wed Oct 29 12:01:19 CET 2008
On request, now as text. The original is the PDF though, so I do not
guarantee this version is exactly like the current version on PDF. I
hope so though!
Patrik -- that missed lunch...see some of you in the desert
RIPE and NTIA
29th of October 2008
A - DNSSEC is about data authenticity and integrity and not about
control.
B - The addition of DNSSEC to the root zone must be recognised as a
global initiative.
C - Addition of DNSSEC must be done in a way that the deployment of
DNS is not at risk.
D - Deployment should be done in a timely but not hasty manner.
E - Any procedural changes introduced by DNSSEC should be aligned with
the process for coordinating changes to and the distribution of the
root zone.
F - Policies and processes for signing the root zone should make it
easy for TLDs to participate.
G - There is no technical justification to create a new organisation
to oversee the process of signing of the root.
H - No data should be moved between organisations without appropriate
authenticity and integrity checking.
I - The public part of the KSK must be distributed as widely as
possible.
J - The organisation that creates the zone file must hold the private
part of the ZSK.
K - Changes to the entities and roles in the signing process must not
require a change of keys.
- Previous message (by thread): [dns-wg] NTIA and RIPE v3
- Next message (by thread): [dns-wg] NTIA and RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]