Olaf Kolkman said: "The IAB, obviously, favors expedient deployment of DNSSEC in the DNS root. In absence of such we understand that mechanisms such as DLV or the publication of lists with TLD trust anchors could aid deployment." The IAB has previously explained the need for a unique DNS root (RFC 2826); is there an equivalent document explaining the IAB's perspective on DNSSEC deployment? Requiring deployment of DNSSEC in the DNS root has the potential to run afoul of political and business issues that could prove to be stubbornly persistent. Given this, a thoughtful examination of alternatives such as DLV or TLD trust anchors would be quite valuable. "However, the IAB does not support the establishment of a domain under .arpa combined with a request from the IETF to IANA to establish such a service as that would implicitly be based on the MOU between RFC3172." While it is hard to find fault with the logic behind this conclusion, what we really need is a path forward that takes into account the political/business realities as well as the operational challenges for the affected parties. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf