wrt joao damas' DLV talk on wednesday

David W. Hankins David_Hankins at isc.org
Tue Jun 13 15:47:35 UTC 2006


On Tue, Jun 13, 2006 at 01:18:06AM -0700, Randy Bush wrote:
> actually, i think it most important that a proposed dlv service
> make very clear its security policy and process in vetting the
> correctness of the data it serves, i.e. the trust anchors for
> dependent zones.

Oh, you're asking specifically for more detail than is on our
web page, then ('Registering your zone key in the DLV tree').


You mentioned that this would have relevance to future practices
should the root be signed, and I can't for the life of me see how.

I think this is an artificial problem that arises only for ISC since
we're out of the delegation loop (except where we can authenticate
registries and receive trust anchors from them).

Do you imagine that, if IANA/ICANN/USDOT/someone were told to
implement a policy to sign the root, that they would have trouble
identifying the owners of the TLDs reliably?

If so, wouldn't this problem already exist today in the information
already present in the root zone?


> once one can have confidence in the correctness of the data
> served, one might then become inclined to worry about the
> reliability of the service :-).

-- 
David W. Hankins		"If you don't do it right the first time,
Software Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins