[95647] in North American Network Operators' Group
Re: America takes over DNS
daemon@ATHENA.MIT.EDU (David Conrad)
Sun Apr 1 11:44:21 2007
In-Reply-To: <20070401135409.GA71272@infiltrated.net>
Cc: nanog@merit.edu
From: David Conrad <drc@virtualized.org>
Date: Sun, 1 Apr 2007 08:35:02 -0700
To: "J. Oquendo" <sil@infiltrated.net>
Errors-To: owner-nanog@merit.edu
Hi,
On Apr 1, 2007, at 6:54 AM, J. Oquendo wrote:
> Summary:
Confusion resulting from hearsay and extrapolations.
> The "key-signing key" signs the zone key, which is held by VeriSign.
Except that the root zone hasn't been signed and there are no plans I
am aware of do so (and I think I'd probably know). In one possible
scenario, VeriSign would hold the zone signing key which would be
signed by the key signing key. Who holds the KSK hasn't been
established.
However, in reality, nothing would change. Even if the root were to
be signed, who signs it doesn't really matter -- the USG already must
approve any changes made to the root zone.
Rgds,
-drc
