

To: Roy Arends <Roy.Arends@nominum.com>
Cc: Miek Gieben <miekg@nlnetlabs.nl>, Scott Rose <scottr@antd.nist.gov>, dnssec@cafax.se, DNSEXT WG Mailing list <namedroppers@ops.ietf.org>
From: Miek Gieben <miekg@atoom.net>
Date: Wed, 4 Jul 2001 14:47:57 +0200
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.33.0107041414270.8709-100000@node10c4d.a2000.nl>
Sender: owner-dnssec@cafax.se
User-Agent: Mutt/Linux
Subject: Re: I-D ACTION:draft-ietf-dnsext-dnssec-opt-in-00.txt

[On 04 Jul, 2001, Roy Arends wrote in " Re: I-D ACTION:draft-ietf-dnsext-dnssec-opt-in-00.txt "]
> > Which zones are going to use opt-in? .com and .net? Can't we just say
> > that we will never do DNSSEC on .com/.net and friends? If you want to
> > be secure get your secure domain name under .secure?

<SNIP>

> In general, using opt-in relieves large TLDs of signing each and every
> individual Resource Record and creating (null/real) keys + sig + nxt + sig
> over unsigned delegations.
> 
> Going through the ICANN process and obtaining the .secure TLD seems very
> heavy. And next to that, the .secure TLD registry probably wants opt-in
> too.
Why would a small TLD like .secure (going through ICANN is another
story) use opt-in? They can use DNSSEC right as it stands now.
The .secure will grow in time but I don't think it will ever reach
the size of .com.

I know what opt-in is trying to do, but I'm wondering if it isn't
overkill for zones that are already too large for normal DNS.

grtz Miek
NLnet Labs

