Dear Roy and IETF-ers:
A quick reaction to this document:
Good contribution: at last there is a documented proposition for the
view that DNSSEC root signature is strictly a technical management issue.
This document uses a two-tiered organization for root key management,
respectively handling the KSK private keys and ZSK private keys for
signature operations. Such a two-tiered organization is deemed to be
present in the final solution.
Maybe a difficulty lies in the selection of RZM as one of the two tiers.
The document author(s) should check if a current project at IANA is
indeed to integrate the RZM function in IANA operations. In view of the
possible merger of IANA and the RZM function, the document author(s)
should state what minimal conditions, in terms of institutional
independence, they expect between the two tiers of control over the
DNSSEC root keys.
Regards,
--
- Thierry Moreau
CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1
Tel.: (514)385-5691
Fax: (514)385-5900
web site: http://www.connotech.com
e-mail: thierry.moreau@xxxxxxxxxxxxx
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf