[90739] in North American Network Operators' Group
Re: wrt joao damas' DLV talk on wednesday
daemon@ATHENA.MIT.EDU (David W. Hankins)
Tue Jun 13 11:48:05 2006
Date: Tue, 13 Jun 2006 08:47:35 -0700
From: "David W. Hankins" <David_Hankins@isc.org>
To: nanog@merit.edu
In-Reply-To: <17550.29886.878057.638064@roam.psg.com>
Errors-To: owner-nanog@merit.edu
On Tue, Jun 13, 2006 at 01:18:06AM -0700, Randy Bush wrote:
> actually, i think it most important that a proposed dlv service
> make very clear its security policy and process in vetting the
> correctness of the data it serves, i.e. the trust anchors for
> dependent zones.

Oh, you're asking specifically for more detail than is on our
web page, then ('Registering your zone key in the DLV tree').

You mentioned that this would have relevance to future practices
should the root be signed, and I can't for the life of me see how.

I think this is an artificial problem that arises only for ISC since
we're out of the delegation loop (except where we can authenticate
registries and receive trust anchors from them).

Do you imagine that, if IANA/ICANN/USDOT/someone were told to
implement a policy to sign the root, that they would have trouble
identifying the owners of the TLDs reliably?

If so, wouldn't this problem already exist today in the information
already present in the root zone?

> once one can have confidence in the correctness of the data
> served, one might then become inclined to worry about the
> reliability of the service :-).
--
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.

"If you don't do it right the first time, you'll just have to do it again."
-- Jack T. Hankins