[dnssec-deployment] Filling the IANA ITAR
Chris Thompson
cet1 at cam.ac.uk
Thu Oct 29 10:12:39 EDT 2009
On Oct 29 2009, Matt Larson wrote:
>On Wed, 28 Oct 2009, Bill Manning wrote:
[... snipped ...]
>> mroe interesting for those ITAR-smitten. There is no plan to move
>> the ITAR into the root zone. Folks who want their DS records in the
>> root zone will have to submit them -after- the root gets signed.
>> There is no plan to automatically remove data from the ITAR when the
>> DS records are added to the root zone.
>>
>> This last leads me to beleive that there will be a raft of
>> inconsistencies as folks forget to pull old data out of the ITAR -
>> or to scrub those DLV registries that import form the ITAR.
>>
>> Richard or Matt, if you could clarify, I would be most greatful
>
>The ITAR is an IANA functions issue, so I cannot comment on it.
Maybe someone from ICANN could comment, then?
I had understood that the rituals for updating entries in the ITAR were
intended to match those for updating existing entries in the root zone.
And although https://itar.iana.org/ doesn't explicitly say that the ITAR
will be automatically inserted into the signed root zone, these bits have
probably led some people to assume that would happen:
| This is a temporary service until the DNS root zone is signed, at
| which time the keying material will be placed in the root zone
| itself, and this service will be discontinued.
and
| The trust anchor repository is designed to replicate the same trust
| information that would be stored in the DNS root zone, if the DNS
| root zone were signed. Therefore, we store the DS records from
| top-level domains.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the Dnssec-deployment
mailing list