[governance] Re: Fwd: [dns-operations] DNSSEC in the Root Zone

Stephane Bortzmeyer bortzmeyer at internatif.org
Wed Oct 7 05:17:08 EDT 2009


On Tue, Oct 06, 2009 at 11:09:18PM +0300,
 McTim <dogwallah at gmail.com> wrote 
 a message of 43 lines which said:

> FYI, red meat for the IGP blog!

An important thing to note is that there is no date, in the published
timeline, for the inclusion of the keys of the Top-Level Domains (the
"DS records"). This means that, even after the root it itself signed,
TLD which are already signed like .SE or .ORG will not be validated
through the root.

I mention this point because one of the reasons is probably related to
governance: since every change, however technical is it, in the root
zone, have to be approved a priori, in writing, by an office in
Washington DC (with office hours which may be different from those of
the requester), management of cryptographic keys will be a real pain!
(This is a good opportunity to show that the end of the JPA changed
nothing.)

IANA/ICANN, now "independent", is currently asking the US governement
about its plans for the inclusion of TLD keys in the signed root.

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list