[dns-wg] RIPE NCC DNSSEC trust anchors

On 14 Nov 2014, at 10:19, Tony Finch <dot at dotat.at> wrote:

> Peter Koch <pk at DENIC.DE> wrote:
>> 
>> I'd rather not see the RIPE NCC further endorse the DLV technology and
>> service by continuing to submit key material there.  DLV was meant as a
>> temporary deployment aid and might have been a good idea at its time.
> 
> We would like to stop using the DLV but some of our reverse zones cannot
> be validated without it because JANET has only signed ac.uk.

Although you know I very much want to see DLV killed, that is not the matter at hand. What we are discussing is the NCC's use of DLV for stuff that either has no reason to be there or for domain names that have little or no relevance/use to the NCC and the community. I would like to keep the focus on that. In that context, Peter's comments go to the heart of the matter.

There's a meta-issue too. Some years ago, long before the root was signed, the NCC shoved stuff into DLV as a short-term kludge. It's continuing to do that even though there seems to be no good reason for doing that any more. So have the NCC reviewed its processes for DLV population or assessed whether this activity is necessary or worthwhile?

If you wish to continue discussing DLV's worth and relevance to the local problem you mentioned, go ahead. But please do so on another thread.