Geoff Huston <gih@xxxxxxxxx> writes: > - is this just an ersatz root signing mechanism? Why is this appropriate > given that the alternative is simply a signed root zone? For me, this is a key question. It seems to me that the _only_ reason DLV (and this IANA action) is needed is to get around the fact that signing of DNSSEC zones is lagging. DLV and the registry is an attempt to get around that. Thus, it strikes me that this is embracing and extending DNSSEC. That might be OK, if the relevent DNS WGs agreed that DNSSEC needed such "help". But, as far as I can tell, the relevent DNS WGs have not embraced this approach. I would be troubled to see this go forward (with _any_ sort of IETF seal of approval), without the consensus of the relevant IETF DNS community behind it. Thomas _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf