[Dnssec-deployment] not ANY (Re: CAT is signed )

Florian Weimer fweimer at bfk.de
Thu Jul 1 10:41:09 EDT 2010


* Paul Vixie:

>> From: Florian Weimer <fweimer at bfk.de>
>> Date: Thu, 01 Jul 2010 08:51:48 +0000
>> 
>> Anyway, this still doesn't answer the question why would you want
>> ICANN to revoke TLD delegations ...
>
> never said that, never wanted that, would never want that.
>
> all i want is for icann to be able to remove one NS RR out of an NS RRset
> under the following conditions:

Okay, I misread what you wrote, sorry about that.

Don't the trust rules in RFC 2181 suggest that this measure is not
effective at all?  Even delegation-centric zones serve a positive,
authoritative answer once they are signed, and resolvers are
encouraged to make use of the authority information contained in it.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
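
The RFC 2181 trust ranking this message refers to, as an added example that is not part of the original message or of any resolver's code: a minimal cache applying the resolver-relevant levels of section 5.4.1. The zone and server names are constructed, TTL expiry is ignored, and replacing on equal rank is an assumption.

```python
from enum import IntEnum

class Trust(IntEnum):
    """Resolver-relevant levels of RFC 2181 section 5.4.1, simplified (higher wins)."""
    ADDITIONAL_OR_NONAUTH_AUTHORITY = 1  # includes NS in a referral from the parent
    NONAUTH_ANSWER = 2
    AUTH_AUTHORITY = 3                   # authority section of an AA=1 reply
    AUTH_ANSWER = 4                      # answer section of an AA=1 reply

def classify(section: str, aa: bool) -> Trust:
    """Map (message section, AA flag) to a trust level."""
    if section == "answer":
        return Trust.AUTH_ANSWER if aa else Trust.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Trust.AUTH_AUTHORITY
    return Trust.ADDITIONAL_OR_NONAUTH_AUTHORITY

class RRsetCache:
    def __init__(self):
        self._store = {}  # (owner, rrtype) -> (Trust, frozenset of rdata)

    def offer(self, owner, rrtype, rdata, section, aa) -> bool:
        """Cache the RRset unless a more trusted copy is already held."""
        rank = classify(section, aa)
        held = self._store.get((owner, rrtype))
        if held and held[0] > rank:
            return False  # keep the more trusted data
        self._store[(owner, rrtype)] = (rank, frozenset(rdata))
        return True

    def lookup(self, owner, rrtype):
        held = self._store.get((owner, rrtype))
        return set(held[1]) if held else set()

def demo():
    """Constructed scenario: parent drops ns3, child apex still lists it."""
    cache = RRsetCache()
    zone = "tld.example."
    parent_ns = {"ns1.tld.example.", "ns2.tld.example."}
    child_ns = parent_ns | {"ns3.tld.example."}
    cache.offer(zone, "NS", parent_ns, "authority", aa=False)  # referral
    after_referral = cache.lookup(zone, "NS")
    cache.offer(zone, "NS", child_ns, "authority", aa=True)    # child's answer
    after_child = cache.lookup(zone, "NS")
    # A later referral from the parent does not displace the child's RRset.
    kept = not cache.offer(zone, "NS", parent_ns, "authority", aa=False)
    return after_referral, after_child, kept, cache.lookup(zone, "NS")

if __name__ == "__main__":
    print(demo())
```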

