Peter Koch wrote:
On Wed, Nov 26, 2008 at 10:50:56AM -0500, Russ Housley wrote:
I agree with others' views that validation alone is not very helpful and
some frequently queried for domains' zones should be signed as part of that
experiment. By IETF74, the IANA (I)TAR might also be available as one
source of TLD trust anchors.
Still that date might be too early to encourage end system validation, so
adding validation and an "interesting" set of TAs to the meeting's recursive
name servers is another option, even if on the WLAN we can't trust the path
between stub and recursive resolver. However, I'd hope the limited time
did not imply the proponent(s) offered a demonstration during the plenary ...
If I understand the thread, so far, there is a current reality that suffers from
missing too many pieces of necessary DNSSec infrastructure, documentation, maybe
software, and definitely training. Without all of these additional pieces, it's
not reasonable to expect any sort of casual use -- even for "testing". However
it might be possible to put enough pieces in place to exercise some interesting
scenarios.
If the above is anywhere in the vicinity of correct, it would probably be
helpful to formulate an actual project plan for this, complete with web-site,
collaboration tools, etc. Absent something organized like this, the likelihood
of producing anything useful at test-time would, apparently, be at risk.
Or am I misunderstand the disparity between current reality and necessary
enhancements?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf