North American Network Operators Group


Re: wrt joao damas' DLV talk on wednesday

  • From: David W. Hankins
  • Date: Tue Jun 13 11:47:58 2006

On Tue, Jun 13, 2006 at 01:18:06AM -0700, Randy Bush wrote:
> actually, i think it most important that a proposed dlv service
> make very clear its security policy and process in vetting the
> correctness of the data it serves, i.e. the trust anchors for
> dependent zones.

Oh, you're asking specifically for more detail than is on our
web page, then ('Registering your zone key in the DLV tree').


You mentioned that this would have relevance to future practices
should the root be signed, and I can't for the life of me see how.

I think this is an artificial problem that arises only for ISC since
we're out of the delegation loop (except where we can authenticate
registries and receive trust anchors from them).

Do you imagine that, if IANA/ICANN/USDOT/someone were told to
implement a policy to sign the root, that they would have trouble
identifying the owners of the TLDs reliably?

If so, wouldn't this problem already exist today in the information
already present in the root zone?


> once one can have confidence in the correctness of the data
> served, one might then become inclined to worry about the
> reliability of the service :-).

-- 
David W. Hankins		"If you don't do it right the first time,
Software Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
