--On Wednesday, 29 August, 2007 16:43 -0700 David Conrad
<drc@xxxxxxxxxxxxxxx> wrote:
> If you start mucking about with production services that
> require configuration on the part of system administrators
> (particularly in the somewhat arcane world of DNSSEC trust
> anchors), it can become quite difficult to stop that
> production service without breaking stuff. Is this a place we
> want to go for a temporary hack?
David,
Are you prepared to answer the question as to when the plan for
getting the root signed as originally intended (whatever that
plan now is) is going to be executed?
To an outsider with no particular knowledge of what is going on,
the impression is that actual root-signing is receding at
approximately one month per month, if not a little more quickly.
If that were in fact the trend, and it were to continue, then
concerns about transition from a DLV-based mechanism to a signed
root would be largely irrelevant.
Conversely, if there were a definite plan for getting the root
signed within, say, the next few months, then it seems to me
that even discussing formalizing DLV mechanisms for the root by
having IANA create a new registry is a waste of time.
On the other hand, if there is no realistic plan and schedule,
and you don't like Sam's idea, do you have constructive
suggestions as to how it can be made acceptable?
I do not believe that "we should just wait until the root is
signed but are not able to say anything specific about when that
might be" is a useful response at this point. It might have
been a plausible position a year ago but, by now,...
john
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf