[Dnssec-deployment] Re-introduction of .de subdomains into ISC's DLV

Jim Reid jim at rfc1035.com
Tue Jun 14 06:11:16 EDT 2011


On 14 Jun 2011, at 07:04, Paul Vixie wrote:

> since folks are still using it, it's hard to want to shut it down.

Well, it's certainy true shutting down DLV is hard if people are using  
it. However it's not at all hard to want DLV shut down, whether it's  
used or not. :-) Though I don't think anyone was advocating on this  
thread DLV should be shut down. That's an entirely separate discussion.

IIUC the question that was asked was "why is ISC's DLV open for  
business to delegations in signed domains that have a validation path  
to the One True Trust Anchor?". If ISC's DLV truly is a half-way house  
for delegations that don't yet have a chain of trust to the root,  
perhaps it shouldn't be accepting entries for delegations that already  
have that validation path.

BTW, I understand but don't buy the answers about pre-SHA2 crypto and  
uncooperative registrars. They're just a variation on the problem of  
TLDs who can't/won't sign their zones: ie DLV gives them an easy  
excuse to sit on their hands.



More information about the Dnssec-deployment mailing list