On 9/5/19 2:07 PM, Paul Vixie wrote:
> sam weiler argued unsuccessfully that trust should not be required to follow the delegation path, and with a decade or more of perspective i can see that he was right. however, DLV as specified and implemented would not be the mechanism i'd propose if non-hierarchical trust had to scale. right now private distribution of static trust anchors is working as well as it has to.
I remember scaring a bunch of people at a NANOG meeting by suggesting that we should have an alternate method of establishing trust, and that method should be non-hierarchical (or perhaps "counter-hierarchical"). I believe I used "DLV-like" to describe it and I remember the reactions I got (esp from Randy). My goal was to mitigate risk from anything that might cause the root KSK to become bolloxed, like a botched key roll.
Of course, the root KSK roll turned out to be a non-event, due to great preparation and plenty of other mitigating steps and ideas, so counter-hierarchical trust chains, outside of static TAs, don't seem necessary ATM.
TL;DR: Kill it.

michael