[dns-wg] NTIA and RIPE

On request, now as text. The original is the PDF though, so I do not  
guarantee this version is exactly like the current version on PDF. I  
hope so though!

    Patrik -- that missed lunch...see some of you in the desert

RIPE and NTIA
29th of October 2008

A - DNSSEC is about data authenticity and integrity and not about  
control.

B - The addition of DNSSEC to the root zone must be recognised as a  
global initiative.

C - Addition of DNSSEC must be done in a way that the deployment of  
DNS is not at risk.

D - Deployment should be done in a timely but not hasty manner.

E - Any procedural changes introduced by DNSSEC should be aligned with  
the process for coordinating changes to and the distribution of the  
root zone.

F - Policies and processes for signing the root zone should make it  
easy for TLDs to participate.

G - There is no technical justification to create a new organisation  
to oversee the process of signing of the root.

H - No data should be moved between organisations without appropriate  
authenticity and integrity checking.

I - The public part of the KSK must be distributed as widely as  
possible.

J - The organisation that creates the zone file must hold the private  
part of the ZSK.

K - Changes to the entities and roles in the signing process must not  
require a change of keys.