[dnssec-deployment] dot MUSEUM implemented DNSSEC

Andrew Sullivan ajs at commandprompt.com
Fri Sep 19 11:02:53 EDT 2008


On Fri, Sep 19, 2008 at 06:35:57AM -0400, Steve Crocker wrote:

> Unless there are some specific rules put in place, it seems to me that each 
> zone operator will be creating its own key under its own policies and 
> passing them upward to its parent.  This is the same as how other zone 
> information, e.g. NS records, are handled.

>>From my point of view, we should take guidance from the current
practices: the administrator of the (TLD) zone has had the
administrative authority delegated, and therefore should make most of
the policies.  Apart from minimal tests of, "Will this work," akin to
those currently performed by IANA and Verisign when a change is made
in a delegation from the root zone, I don't think any rules should be
added.

Best regards,

A

-- 
Andrew Sullivan
ajs at commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/



More information about the Dnssec-deployment mailing list