[Dnssec-deployment] a few more TLDs signed
dmahoney at isc.org
Wed Oct 6 11:40:53 EDT 2010
On Wed, 6 Oct 2010, Dave Knight wrote:
> On 2010-10-06, at 10:26 AM, Stephane Bortzmeyer wrote:
> > On Wed, Oct 06, 2010 at 07:16:38AM -0700,
> > Joe Abley <joe.abley at icann.org> wrote
> > a message of 22 lines which said:
> >> In the interests of avoiding repeated questions internally about the extent of DNSSEC deployment in TLDs, we knocked together a script which provides some automated answers. If that's useful to anybody else, please feel free to use it.
> >> http://stats.research.icann.org/dns/tld_report/
> > What is the meaning of colors? It looks like that having your key in
> > DLV makes you turn orange (see .TH vs. FR).
> A TLD having either colour indicates that it is signed. Green denotes those TLDs which are in the expected end state, while orange suggests that a transition mechanism is in place, or that the trust anchor is not present in any of the root, ITAR, or ISC's DLV.
> Would it be useful to have a third colour to differentiate those TLDs
> where there is no trust anchor in the root, ITAR, or ISC's DLV?
i.e. a colour that says "if you want to validate this you MUST configure
Yes, I feel that would be helpful. As would a legend right at the top of
Also note that DLV imports the ITAR, so if it's there, it's generally in
(Although there are cases where (upon the TLD-owners request) ISC
separates out the domain into a separate account that the tld-owner can
manage directly, as opposed to relying on the ITAR-import.)
ISC Operations and DLV team
More information about the Dnssec-deployment