To: johani@autonomica.se (Johan Ihren)
Cc: dnsop@cafax.se
From: Bill Manning <bmanning@ISI.EDU>
Date: Mon, 7 Oct 2002 11:10:20 -0700 (PDT)
In-Reply-To: <2cvg4e4ngt.fsf@snout.autonomica.net> from Johan Ihren at "Oct 7, 2 11:17:38 am"
Sender: owner-dnsop@cafax.se
Subject: Re: Interim signing of the root zone.

some concerns:

DS only works in snapshot code. And the publicly available snapshots have known, serious operational problems. We -REALLY- need more stable code before committing this to production.

there are some indications from the root testbed that there are fatal interactions with some released versions of DNS code. further controlled testing should be done.

the selection of RIRs. RIRs -DO- have the DNS as a primary field of activity. (see in-addr.arpa.) The holders of forward space (.SE, DE, NL, etc.) become disenfranchised "customers".

"sufficient number" and "out-of-band" are concepts that really need some concrete recommendations.

key duration should be better fleshed out. Experiences from the existing testbed may be useful.

key publication methods have been explored but do need further work.

% The same is true for the need for operational experience with a
% signed root zone. There is no method of acquiring this experience
% except by signing the root zone, so that is what is being proposed.

this is not exactly true. and your risk-analysis does not exactly match empirical evidence.

--bill