[Dnssec-deployment] Dropping IANA ITAR entries [was: KSK rollover in .cz]

Joe Abley joe.abley at icann.org
Wed Aug 4 10:58:31 EDT 2010

On 2010-08-04, at 10:53, "João Damas" <joao at bondis.org<mailto:joao at bondis.org>> wrote:

On 4 Aug 2010, at 16:49, Ondřej Surý wrote:

If there is a compromise then the TAs will be changed at both places.

not necessarily, the process has many stages and it doesn't come back to the originator for verification (or does it?)

The root zone authorization and provisioning process was documented in the RSST report, I believe.

My understanding is that, once authorized, changes are provisioned in the root zone by VeriSign with significant internal testing, but with no external review.

Note that I don't work directly with the IANA staff that do this, however, and may well be confused.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20100804/7e4c0e3a/attachment.html 

More information about the Dnssec-deployment mailing list