> > The alternative is to direct IANA to collect, maintain and
> > distribute this information to the DLV operators in the
> > absence of a signed root. This would give a trusted path
> > for data entry into the general DLV trees.
> >
>
> I don't see why the information would be distributed only to DLV
> operators. Asking IANA to publish this data on a suitably updated
> web page for the information of the community would enable
> both DLV operators to use it as well as anyone who wanted to
> configure those trust anchors without DLV. As others have put this,
> a trust anchor registry outside the DNS may retain the basic
> mechanisms of DNSSEC better, while allowing folks to move past the
> current issues with a signed root.
>
> The underlying issue, of course, is how many TLD operators would
> publish in a trust anchor registry if it is made available; hopefully
> enough to provide convincing evidence that a signed root will
> be worth the operational issues around protecting the keying
> material. I'm more worried that providing this registry (whether
> in DLV form or some other form) will either delay work on
> signing the root or that the response will be so anemic that folks
> will *assume* it would be similarly anemic in the case of signed root.
>
> In order of priority, in other words, my personal preferences are:
> sign the root, put up a trust anchor registry outside the DNS, feed
> the data to external DLVs, and set up a new DLV.

The DLV operators only need this information up until the root is signed. Once the root is signed the root's DLV will go in and these will be removed.

That reminds me. I should add a log message when we use the root's DLV record. It's an indication that it is time to add the root keys to the configuration file.

> regards,
> Ted
>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx