[Dnssec-deployment] Root Zone DNSSEC Deployment Technical Status Update
Paul Wouters
paul at xelerance.com
Mon Jul 19 14:55:11 EDT 2010
On Mon, 19 Jul 2010, bmanning at vacation.karoshi.com wrote:
>> It worked technically, and I ran with OE on our entire rack for a few
>> years, but in the end it simply did not scale because people don't
>> have access to their reverse, and they're behind NAT. And thoughts have
>> focussed more on using IPv6 tunneling somehow with keys.
>>
>> Paul
>
> still an underexplored area for some inovative work.
> I wonder if it would be worthwhile to pull out the
> notes from the three workshops we did on DNSSEC-APIs
> and let the current crop of DNS engineers look at them
What I'd like to see is the various drafts and proposals about KEY/hash
storage in DNS records to resume. We have proposals that some think are
too generic and therefor not very useful. And we have ones that are too
specific and therefor not very useful. And a concern of too many records
in the APEX (and the "dnssec is not a PKI people" :)
Paul
More information about the Dnssec-deployment
mailing list