At 10:32 PM -0400 6/11/09, David Conrad wrote:
Hi,
On Jun 11, 2009, at 8:35 PM, Stephen Kent wrote:
But, in a DNSSEC environment, IANA performs two roles:
- it coordinates the info from the gTLDs and ccTLDs and constructs
the authoritative root zone file
- it signs the records of that file
Nope. Just to clarify things:
IANA (well, ICANN as the IANA functions operator) receives and
validates root zone changes.
VeriSign constructs and publishes the root zone to the root server operators.
In the context of DNSSEC, as documented at
http://www.icann.org/en/announcements/announcement-2-03jun09-en.htm,
VeriSign will have operational responsibility for the zone signing
key and ICANN will manage the key signing process.
David,
Thanks for the clarification. I just wanted to emphasize the two
distinct functions that IANA performs in the DNSSEC context, without
getting into the ZSK/KSK details and the current proposed split of
responsibility between IANA and VeriSign (which is outside the IETF
DNSSEC architecture, right?).
Steve
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf