[Dnssec-deployment] dealing with broken TLD name servers
ebw at abenaki.wabanaki.net
Thu Jul 1 06:25:35 EDT 2010
On 6/30/10 6:27 PM, Francisco Arias wrote:
> At least for new gTLDs there is something that can be done right now.
> Currently there is a public comment period about, among other things,
> Specification 6 of the Draft Registry Agreement for new gTLDs.
I want to point out that raising the bar for applicants, and currently
the SLAs in the Draft Applicant Guide are in excess of those the
COM/NET/NAME operator is currently contractually obligated to achieve,
> Specification 6 covers most of the technical standards that a new gTLD
> has to comply. It lists the RFCs and includes a Service Level
> Agreement with its respective real time monitoring system, that would
> have caught the issue that started this thread. Suggestions on how to
> improve it are more than welcomed.
It is reasonable to ask what cost has been created in this specific
instance of signing a zone which has been externalized to third parties.
Failure to provide defensible asserted externalized costs
significantly in excess of the cost of correctly identifying and
fixing the root cause, is not useful.
> Draft Registry Agreement can be found at:
> Anyone can submit comments, before 21 July 2010, by email to
> <4gtld-base at icann.org>. The full list of comments already submitted
> can be seen at:
> If anyone would like more information, please contact me off-list in
> "francisco.arias at icann.org"
The technical interest in the subject motivating at least two early
adopters has no accompanying economic or policy basis, and this
experience, particularly its use in causing advocacy for further
increases in cost and risk with no obvious benefit to the adopter,
makes zone signing, if mandatory to implement, lacking of any other
In the 35 years since country codes were adopted, for scaling purposes
only, only one non-national demographic, the Catalans, have obtained
authorization to operate a registry.
I'd like to see that situation improved upon, and I suggest that
caution is prudent when suggesting additional costs to applicants.
More information about the Dnssec-deployment