To:
Mark Kosters <markk@netsol.com>
cc:
"D. J. Bernstein" <djb@cr.yp.to>, iesg@ietf.org, dnsop@cafax.se
From:
Ray Plzak <plzak@ops2.nic.mil>
Date:
Tue, 21 Mar 2000 10:23:03 -0500 (EST)
In-Reply-To:
<20000321094303.F12657@slam.internic.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Last Call: Root Name Server Operational Requirements to BCP
IMHO this document is ready as it is. There is no need for another draft. All issues have been addressed. Ray On Tue, 21 Mar 2000, Mark Kosters wrote: > On Tue, Mar 21, 2000 at 10:24:27AM -0000, D. J. Bernstein wrote: > > I wrote: > > : For example, 3.3.2 says that root servers ``MUST be DNSSEC-capable,'' > > : but NSI says that the current servers would choke if DNSSEC were used. > > > > In fact, it turns out that the current version of BIND _crashes_ if you > > give it a secure zone. > > > > I realize that the IESG wants to encourage people to support DNSSEC. But > > calling it ``best current practice'' is fraudulent. > > Dan - the next sentence in 3.3.2 says: > > It is understood that DNSSEC is not yet deployable on some common platforms, > but will be deployed when supported. > > So, when DNSSEC is ready with a implementation that is robust and scalable, > the root servers must be able to support it. IMHO, there is nothing fraudulent > about that. > > Mark > > -- > > Mark Kosters markk@netsol.com Network Solutions, Inc. > PGP Key fingerprint = 1A 2A 92 F8 8E D3 47 F9 15 65 80 87 68 13 F6 48 >