In message <AANLkTikni86AOABGKIB1_jOeQe0Ou4swpGrS8H1MbmrQ@xxxxxxxxxxxxxx>, Phil lip Hallam-Baker writes: > Being able to verify signatures is of no value. > > The system only has value when you can act differently according to > whether the signature verifies or not. > > I keep asking, but nobody will tell me how I get the keys for my > domains into the TLD. Firstly you get DS records into the TLD not DNSKEY records. Secondly it is/will be by a mechanism similar to how you get NS records into the TLD. In other words go ask your registrar when they are going to support adding DS records and stop complaining here. This is not a technological problem. It is a business problem between you, your registrar and the registry. > This is not a trivial issue. There is a question of liability to be > addressed. So far ICANN and VeriSign Registry Services have addressed > the issue by booting it down the chain. But the system as a whole > cannot work until there is someone willing to accept the liability and > for that to happen they are going to require tools to manage their > litigation risk. How is the liability different from that of accepting NS records? DS records don't magically change the liability. Stuffing up either NS or DS records will break the delegation. > Does anyone know of a dotcom registrar offering key signing? > > Or is the big plan here that everyone who is not going to accept > liability keep complaining about how far behind the registrars are > until they are forced to act? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@xxxxxxx _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf