[dns-wg] NTIA and RIPE
John Schnizlein schnizlein at isoc.org
Wed Oct 29 17:04:57 CET 2008
Since I pushed on this subject, maybe my perspective is useful. Signing a TLD or higher zone is pretty pointless unless it contains DS records. It is really important that the process for the child to maintain the DS record in the parent zone be as easy as possible. At the root, where literally everybody comes together, the opportunity for getting this wrong is large. For example, a TLD operator might have good reason that it chooses not to reveal to want to change its KSK quickly. The process for signing the root should make this as easy as possible. John On 2008Oct29, at 7:30 PM, Edward Lewis wrote: >> >> F - Policies and processes for signing the root zone should make it >> easy >> for TLDs to participate. > > As someone employed by a TLD registry, it's not clear to me how or > why such rather internal matters of the root zone matter to my job. > Again, not saying this is a bad statement, but it begs for more > detail or direction. > > I am not saying that the policies and processes for signing the root > should be closed to the public. I just don't see the relevance to > the TLD.
[ dns-wg Archives ]