[Dnssec-deployment] a few more TLDs signed

Dan Mahoney dmahoney at isc.org
Wed Oct 6 11:40:53 EDT 2010



On Wed, 6 Oct 2010, Dave Knight wrote:

> 
> On 2010-10-06, at 10:26 AM, Stephane Bortzmeyer wrote:
> 
> > On Wed, Oct 06, 2010 at 07:16:38AM -0700,
> > Joe Abley <joe.abley at icann.org> wrote 
> > a message of 22 lines which said:
> > 
> >> In the interests of avoiding repeated questions internally about the extent of DNSSEC deployment in TLDs, we knocked together a script which provides some automated answers. If that's useful to anybody else, please feel free to use it.
> >> 
> >> http://stats.research.icann.org/dns/tld_report/
> > 
> > What is the meaning of colors? It looks like that having your key in
> > DLV makes you turn orange (see .TH vs. FR).
> 
> A TLD having either colour indicates that it is signed. Green denotes those TLDs which are in the expected end state, while orange suggests that a transition mechanism is in place, or that the trust anchor is not present in any of the root, ITAR, or ISC's DLV.
> 
> Would it be useful to have a third colour to differentiate those TLDs 
> where there is no trust anchor in the root, ITAR, or ISC's DLV?

i.e. a colour that says "if you want to validate this you MUST configure 
it manually"?

Yes, I feel that would be helpful.  As would a legend right at the top of 
the chart.

Also note that DLV imports the ITAR, so if it's there, it's generally in 
DLV.

(Although there are cases where (upon the TLD-owners request) ISC 
separates out the domain into a separate account that the tld-owner can 
manage directly, as opposed to relying on the ITAR-import.)

-Dan Mahoney
ISC Operations and DLV team


More information about the Dnssec-deployment mailing list