[Dnssec-deployment] a few more TLDs signed

Dan Mahoney dmahoney at isc.org
Wed Oct 6 11:40:53 EDT 2010

On Wed, 6 Oct 2010, Dave Knight wrote:

> On 2010-10-06, at 10:26 AM, Stephane Bortzmeyer wrote:
> > On Wed, Oct 06, 2010 at 07:16:38AM -0700,
> > Joe Abley <joe.abley at icann.org> wrote 
> > a message of 22 lines which said:
> > 
> >> In the interests of avoiding repeated questions internally about the extent of DNSSEC deployment in TLDs, we knocked together a script which provides some automated answers. If that's useful to anybody else, please feel free to use it.
> >> 
> >> http://stats.research.icann.org/dns/tld_report/
> > 
> > What is the meaning of colors? It looks like that having your key in
> > DLV makes you turn orange (see .TH vs. FR).
> A TLD having either colour indicates that it is signed. Green denotes those TLDs which are in the expected end state, while orange suggests that a transition mechanism is in place, or that the trust anchor is not present in any of the root, ITAR, or ISC's DLV.
> Would it be useful to have a third colour to differentiate those TLDs 
> where there is no trust anchor in the root, ITAR, or ISC's DLV?

i.e. a colour that says "if you want to validate this you MUST configure 
it manually"?

Yes, I feel that would be helpful.  As would a legend right at the top of 
the chart.

Also note that DLV imports the ITAR, so if it's there, it's generally in 

(Although there are cases where (upon the TLD-owners request) ISC 
separates out the domain into a separate account that the tld-owner can 
manage directly, as opposed to relying on the ITAR-import.)

-Dan Mahoney
ISC Operations and DLV team

More information about the Dnssec-deployment mailing list