Peter Koch wrote:
On Wed, Nov 26, 2008 at 10:50:56AM -0500, Russ Housley wrote: I agree with others' views that validation alone is not very helpful and some frequently queried for domains' zones should be signed as part of that experiment. By IETF74, the IANA (I)TAR might also be available as one source of TLD trust anchors. Still that date might be too early to encourage end system validation, so adding validation and an "interesting" set of TAs to the meeting's recursive name servers is another option, even if on the WLAN we can't trust the path between stub and recursive resolver. However, I'd hope the limited time did not imply the proponent(s) offered a demonstration during the plenary ...
If I understand the thread, so far, there is a current reality that suffers from missing too many pieces of necessary DNSSec infrastructure, documentation, maybe software, and definitely training. Without all of these additional pieces, it's not reasonable to expect any sort of casual use -- even for "testing". However it might be possible to put enough pieces in place to exercise some interesting scenarios.
If the above is anywhere in the vicinity of correct, it would probably be helpful to formulate an actual project plan for this, complete with web-site, collaboration tools, etc. Absent something organized like this, the likelihood of producing anything useful at test-time would, apparently, be at risk.
Or am I misunderstand the disparity between current reality and necessary enhancements?
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf