[95653] in North American Network Operators' Group
Re: America takes over DNS
daemon@ATHENA.MIT.EDU (Gadi Evron)
Sun Apr 1 12:23:04 2007
Date: Sun, 1 Apr 2007 10:46:55 -0500 (CDT)
From: Gadi Evron <ge@linuxbox.org>
To: David Conrad <drc@virtualized.org>
Cc: "J. Oquendo" <sil@infiltrated.net>, nanog@merit.edu
In-Reply-To: <7894F789-5250-4A0B-A787-C0A2252D589A@virtualized.org>
Errors-To: owner-nanog@merit.edu
On Sun, 1 Apr 2007, David Conrad wrote:
>
> Hi,
>
> On Apr 1, 2007, at 6:54 AM, J. Oquendo wrote:
> > Summary:
>
> Confusion resulting from hearsay and extrapolations.
>
> > The "key-signing key" signs the zone key, which is held by VeriSign.
>
> Except that the root zone hasn't been signed and there are no plans I
> am aware of do so (and I think I'd probably know). In one possible
> scenario, VeriSign would hold the zone signing key which would be
> signed by the key signing key. Who holds the KSK hasn't been
> established.
>
> However, in reality, nothing would change. Even if the root were to
> be signed, who signs it doesn't really matter -- the USG already must
> approve any changes made to the root zone.
And of course, it can only approve "Willing changes".
>
> Rgds,
> -drc
>