[Dnssec-deployment] a few more TLDs signed
Dan Mahoney
dmahoney at isc.org
Wed Oct 6 11:40:53 EDT 2010
On Wed, 6 Oct 2010, Dave Knight wrote:
>
> On 2010-10-06, at 10:26 AM, Stephane Bortzmeyer wrote:
>
> > On Wed, Oct 06, 2010 at 07:16:38AM -0700,
> > Joe Abley <joe.abley at icann.org> wrote
> > a message of 22 lines which said:
> >
> >> In the interests of avoiding repeated questions internally about the extent of DNSSEC deployment in TLDs, we knocked together a script which provides some automated answers. If that's useful to anybody else, please feel free to use it.
> >>
> >> http://stats.research.icann.org/dns/tld_report/
> >
> > What is the meaning of colors? It looks like that having your key in
> > DLV makes you turn orange (see .TH vs. FR).
>
> A TLD having either colour indicates that it is signed. Green denotes those TLDs which are in the expected end state, while orange suggests that a transition mechanism is in place, or that the trust anchor is not present in any of the root, ITAR, or ISC's DLV.
>
> Would it be useful to have a third colour to differentiate those TLDs
> where there is no trust anchor in the root, ITAR, or ISC's DLV?
i.e. a colour that says "if you want to validate this you MUST configure
it manually"?
Yes, I feel that would be helpful. As would a legend right at the top of
the chart.
Also note that DLV imports the ITAR, so if it's there, it's generally in
DLV.
(Although there are cases where (upon the TLD-owners request) ISC
separates out the domain into a separate account that the tld-owner can
manage directly, as opposed to relying on the ITAR-import.)
-Dan Mahoney
ISC Operations and DLV team
More information about the Dnssec-deployment
mailing list