[Dnssec-deployment] National sovereignty, not

Paul Hoffman paul.hoffman at vpnc.org
Tue Jun 29 18:47:42 EDT 2010


At 9:45 PM +0000 6/29/10, Paul Vixie wrote:
>what we're seeing here is a failure to communicate.
>. . .
>such servers are misconfigured. for a TLD server to be misconfigured in
>this way is irresponsible on ICANN's part, who should've tested this
>before adjusting the root zone to contain the respective NS RR. ICANN
>should also periodically retest, and should have the contractual right
>to warn privately, warn publically, and then remove after 24 hours any
>such NS RR, without reference to the national sovereignty of the CCTLD.

You jumped from TLD to ccTLD ".cat" is not yet a CCTLD. ICANN has, and should have, different relationships with the non-ccTLDs than they do with the ccTLDs.

And, yes, this is on-topic for the list. The other Paul is suggesting removing NS RRs of zones after they are signed if those zones don't meet ICANN's operational rules. Such a move, or even ICANN's suggestion of such a move, would have a very negative impact on DNSSEC deployment by causing TLDs to not want to deploy. That has to be weighed against the positive impact of coerced stability of deployed DNSSEC zones.

--Paul Hoffman, Director
--VPN Consortium


More information about the Dnssec-deployment mailing list