[NA-Discuss] On the cost of application, and Joint Application Support related

Olivier MJ Crepin-Leblond ocl at gih.com
Mon Apr 4 18:41:29 UTC 2011


Le 04/04/2011 14:14, Eric Brunner-Williams a écrit :
> It is less than sufficient to comment, when the DAG has "DNSSEC is
> mandatory to implement", that "operators are encouraged to deploy
> DNSSEC from day one". The correct comment is "advised only when the
> utility of zone signing and key management justifies the cost, as with
> all other engineering choices". 

You will have probably just received the following:
Please note that Olivier Crépin-Leblond, ALAC Chairman, has extended the
call for comments on the draft ALAC Statement on the Public Call by the
Stability, Security and Resilience of the DNS Review Team (SSR-RT) *to
23:59 UTC on Wednesday, 6 April.*

I hope that this will give you and Patrick (and any other interested
parties) sometime to be able to amend the current statement to one which
is palatable to all parties. I understand that the statement as it
stands favours DNSSEC for everything, as seen from the discussion on the
Technical Issues WG list and the other solution is to favour choice,
"when the utility of zone signing and key management justifies the cost".

Having understood the logic of the pros & cons behind each choice, I'd
be inclined to say that insisting on DNSSEC for everyone would be a
top-down requisite, whilst giving the choice to the TLD owner is a
bottom-up process. I favour bottom-up. But that's my personal choice.

Now please can others chime in on this, before we run out of time on a
status quo? What are the risks (if any) to leaving the choice on DNSSEC
use to applicants & individual Registry choice?

Kind regards,


Olivier MJ Crépin-Leblond, PhD

More information about the NA-Discuss mailing list