[Dnssec-deployment] dealing with broken TLD name servers
woolf at isc.org
Thu Jul 1 07:42:42 EDT 2010
Let me make sure I parsed this.
On Thu, Jul 01, 2010 at 06:25:35AM -0400, Eric Brunner-Williams wrote:
> On 6/30/10 6:27 PM, Francisco Arias wrote:
> >At least for new gTLDs there is something that can be done right now.
> >Currently there is a public comment period about, among other things,
> >Specification 6 of the Draft Registry Agreement for new gTLDs.
> I want to point out that raising the bar for applicants, and currently
> the SLAs in the Draft Applicant Guide are in excess of those the
> COM/NET/NAME operator is currently contractually obligated to achieve,
> creates costs.
> In the 35 years since country codes were adopted, for scaling purposes
> only, only one non-national demographic, the Catalans, have obtained
> authorization to operate a registry.
> I'd like to see that situation improved upon, and I suggest that
> caution is prudent when suggesting additional costs to applicants.
"Securing zones with DNSSEC, and properly serving the signed data,
costs more than not, and some otherwise deserving parties are already
not operating TLDs because it already costs a lot. So please don't
make it cost more by requiring that operators of new TLDs sign their
zones and properly serve the signed zones. Instead you should allow
them to provide broken service if that's the only service they have
resources to provide."
If not, please try again, since clearly I'm missing something.
More information about the Dnssec-deployment