[Dnssec-deployment] Re-introduction of .de subdomains into ISC's DLV
Jim Reid
jim at rfc1035.com
Tue Jun 14 06:11:16 EDT 2011
On 14 Jun 2011, at 07:04, Paul Vixie wrote:
> since folks are still using it, it's hard to want to shut it down.
Well, it's certainy true shutting down DLV is hard if people are using
it. However it's not at all hard to want DLV shut down, whether it's
used or not. :-) Though I don't think anyone was advocating on this
thread DLV should be shut down. That's an entirely separate discussion.
IIUC the question that was asked was "why is ISC's DLV open for
business to delegations in signed domains that have a validation path
to the One True Trust Anchor?". If ISC's DLV truly is a half-way house
for delegations that don't yet have a chain of trust to the root,
perhaps it shouldn't be accepting entries for delegations that already
have that validation path.
BTW, I understand but don't buy the answers about pre-SHA2 crypto and
uncooperative registrars. They're just a variation on the problem of
TLDs who can't/won't sign their zones: ie DLV gives them an easy
excuse to sit on their hands.
More information about the Dnssec-deployment
mailing list