[governance] Thought experiment on TLD removal from the root zone (was Re: DMP} Statement...)
David Conrad
drc at virtualized.org
Tue Dec 10 10:17:27 EST 2013
Norbert,
On Dec 10, 2013, at 9:07 AM, Norbert Bollow <nb at bollow.ch> wrote:
>> I believe at least some of the root servers would refuse to
>> accept the modified zone.
> Wouldn't that cause DNSSEC validation to start failing after a couple
> of days?
Yes and no. If the zone is modified, it will cause DNSSEC validation failures immediately. However, instead of modifying the zone, they could restore a previous version of the zone (with the DNSSEC information that was relevant at the time intact). This would provide about 1 week (until the zone expired) for an alternative signing infrastructure to be established.
Given the scenario, I believe it would be safe to assume the resolver operators who were unhappy with the change would update their trust anchors to use the new signing infrastructure/root servers sooner rather than later.
It's also probably worth noting that according to http://www.potaroo.net/ispcol/2013-07/dnssec-google.html, as of May 2013, about 8.3% of the Internet would actually notice an invalid signature (I believe around 7% are behind a single validating resolver (Google's Public DNS)).
Regards,
-drc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20131210/e550a003/attachment.sig>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list