At 10:41 AM +1000 6/11/09, Mark Andrews wrote:
> In message <p06240803c65430cf6e92@[10.10.10.117]>, Stephen Kent writes:
>> Joe,
>>
>> You have argued that DNSSEC is not viable because it requires that
>> everyone adopt IANA as the common root.
>
> Which isn't even a requirement. Alternate root providers just need
> to get a copy of the root zone with DS records and sign it with their
> own DNSKEY records for the root.
>
> ISPs that choose to use alternate roots might get complaints however
> from their customers if they are validating the answers using the
> trust-anchors provided by IANA. This however should be seen as a
> good thing as the ISP can no longer tamper with the DNS without
> being detected. If an ISP can convince all their customers that the
> alternate roots are a good thing then this won't become an issue.

Fair point, although I think we all want to avoid the sort of
Balkanization that this suggests.

Steve
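
The detection described in the quoted message rests on the validator's trust-anchor check: a root DNSKEY RRset re-signed by an alternate root does not match an anchor derived from the IANA key. The sketch below is an added example, not code from the thread; the key material is constructed filler, the function names are hypothetical, and it covers only the anchor match (a real validator also verifies the RRSIG over the DNSKEY RRset).

```python
import hashlib
import struct

ROOT_OWNER = b"\x00"  # wire-format owner name of the root zone "."

def dnskey_rdata(public_key: bytes, flags: int = 257, algorithm: int = 8) -> bytes:
    """DNSKEY RDATA: flags (257 = KSK), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_form(rdata: bytes) -> tuple:
    """(key tag, SHA-256 digest) as a DS-style trust anchor would carry them."""
    return key_tag(rdata), hashlib.sha256(ROOT_OWNER + rdata).hexdigest()

def chains_to_anchor(served_dnskeys: list, anchor: tuple) -> bool:
    """True if some root DNSKEY served to the validator matches its anchor."""
    return any(ds_form(rdata) == anchor for rdata in served_dnskeys)

# Constructed stand-ins for public key material (not real keys).
IANA_KSK = dnskey_rdata(hashlib.sha512(b"constructed IANA root KSK").digest())
ALT_KSK = dnskey_rdata(hashlib.sha512(b"constructed alternate root KSK").digest())

# Assumption: the customer's validator is configured with the IANA anchor.
CUSTOMER_ANCHOR = ds_form(IANA_KSK)

def demo() -> dict:
    return {
        # Root zone as published by IANA: anchor matches.
        "iana_root": chains_to_anchor([IANA_KSK], CUSTOMER_ANCHOR),
        # Same zone re-signed by an alternate root: anchor mismatch, detected.
        "alternate_root": chains_to_anchor([ALT_KSK], CUSTOMER_ANCHOR),
        # Customer who opted in and installed the alternate root's anchor.
        "alternate_root_own_anchor": chains_to_anchor([ALT_KSK], ds_form(ALT_KSK)),
    }

if __name__ == "__main__":
    print(demo())
```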