[Dnssec-deployment] Dropping IANA ITAR entries

Edward Lewis Ed.Lewis at neustar.biz
Wed Aug 4 14:31:14 EDT 2010


(In an attempt to stop this thread -) How about this?

IANA continues to have ITAR sitting there until they are tired of it. 
It's IANA's prerogative.

If there are any validation errors that can be traced back to a stale 
trust anchor in ITAR, the trust anchor is removed.

Optionally, IANA refuses new trust anchors but allows existing ones 
to be updated.  (By "new" I mean a TLD is prevented by adding one if 
they do not have one now.)

There may be some folks relying on the trust anchors in ITAR - if 
they don't have SHA-2 code available for example (as has been 
mentioned).

I don't see a reason to kill ITAR just because it can be done. 
There's no need to force people into the future (ie the signed root).
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Spouses, like Internet protocols, lack necessary troubleshooting tools. Sigh.


More information about the Dnssec-deployment mailing list