Olaf Kolkman said:
"The IAB, obviously, favors expedient deployment of DNSSEC in the DNS
root.
In absence of such we understand that mechanisms such as DLV or the
publication of lists with TLD trust anchors could aid deployment."
The IAB has previously explained the need for a unique DNS root (RFC
2826); is there an equivalent document explaining the IAB's perspective
on DNSSEC deployment?
Requiring deployment of DNSSEC in the DNS root has the potential to run
afoul of political and business issues that could prove to be stubbornly
persistent. Given this, a thoughtful examination of alternatives such as
DLV or TLD trust anchors would be quite valuable.
"However, the IAB does not support the establishment of a domain under
.arpa combined with a request from the IETF to IANA to establish such a
service as that would implicitly be based on the MOU between RFC3172."
While it is hard to find fault with the logic behind this conclusion,
what we really need is a path forward that takes into account the
political/business realities as well as the operational challenges
for the affected parties.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf