[dnssec-deployment] Plans to sign arpa, in-addr.arpa, ip6.arpa?
jabley at hopcount.ca
Sat Nov 7 17:07:44 EST 2009
On 2009-11-06, at 21:42, Chris Thompson wrote:
> Maybe I've missed something, but among all the ICANN/Verisign
> of the planned schedule for signing the root zone, there doesn't
> seem to
> be any mention of "arpa", "in-addr.arpa" (both served from the root
> or "ip6.arpa" (not so served, but owned by ICANN).
You're right that the work to sign the root zone has not included
direct treatment of the work required to sign ARPA, IN-ADDR.ARPA and
Work continues amongst the various involved orgnisations on arranging
for ARPA, IN-ADDR.ARPA and IP6.ARPA to be signed. The operational
community should expect to hear details just as soon as there are
details to be shared.
> It's also not entirely clear whether it's a good thing for these all
> to be
> separate zones, lengthening the chain of trust.
Your proposal is that IN-ADDR.ARPA, IP6.ARPA and ARPA all be rolled
into the root zone?
More information about the Dnssec-deployment