[dnssec-deployment] Plans to sign arpa, in-addr.arpa, ip6.arpa?

Joe Abley jabley at hopcount.ca
Sat Nov 7 17:07:44 EST 2009


On 2009-11-06, at 21:42, Chris Thompson wrote:

> Maybe I've missed something, but among all the ICANN/Verisign  
> descriptions
> of the planned schedule for signing the root zone, there doesn't  
> seem to
> be any mention of "arpa", "in-addr.arpa" (both served from the root  
> servers)
> or "ip6.arpa" (not so served, but owned by ICANN).

You're right that the work to sign the root zone has not included  
direct treatment of the work required to sign ARPA, IN-ADDR.ARPA and  
IP6.ARPA.

Work continues amongst the various involved orgnisations on arranging  
for ARPA, IN-ADDR.ARPA and IP6.ARPA to be signed. The operational  
community should expect to hear details just as soon as there are  
details to be shared.

> It's also not entirely clear whether it's a good thing for these all  
> to be
> separate zones, lengthening the chain of trust.

Your proposal is that IN-ADDR.ARPA, IP6.ARPA and ARPA all be rolled  
into the root zone?


Joe




More information about the Dnssec-deployment mailing list