[dns-wg] NTIA and RIPE
Patrik Fältström paf at cisco.com
Wed Oct 29 12:01:19 CET 2008
On request, now as text. The original is the PDF though, so I do not guarantee this version is exactly like the current version on PDF. I hope so though! Patrik -- that missed lunch...see some of you in the desert RIPE and NTIA 29th of October 2008 A - DNSSEC is about data authenticity and integrity and not about control. B - The addition of DNSSEC to the root zone must be recognised as a global initiative. C - Addition of DNSSEC must be done in a way that the deployment of DNS is not at risk. D - Deployment should be done in a timely but not hasty manner. E - Any procedural changes introduced by DNSSEC should be aligned with the process for coordinating changes to and the distribution of the root zone. F - Policies and processes for signing the root zone should make it easy for TLDs to participate. G - There is no technical justification to create a new organisation to oversee the process of signing of the root. H - No data should be moved between organisations without appropriate authenticity and integrity checking. I - The public part of the KSK must be distributed as widely as possible. J - The organisation that creates the zone file must hold the private part of the ZSK. K - Changes to the entities and roles in the signing process must not require a change of keys.
[ dns-wg Archives ]