[NA-Discuss] On the cost of application, and Joint Application Support related

Michele Neylon :: Blacknight michele at blacknight.ie
Mon Apr 4 18:55:00 UTC 2011

On 4 Apr 2011, at 19:41, Olivier MJ Crepin-Leblond wrote:

> Eric,
> Le 04/04/2011 14:14, Eric Brunner-Williams a écrit :
>> It is less than sufficient to comment, when the DAG has "DNSSEC is
>> mandatory to implement", that "operators are encouraged to deploy
>> DNSSEC from day one". The correct comment is "advised only when the
>> utility of zone signing and key management justifies the cost, as with
>> all other engineering choices". 
> You will have probably just received the following:
> Please note that Olivier Crépin-Leblond, ALAC Chairman, has extended the
> call for comments on the draft ALAC Statement on the Public Call by the
> Stability, Security and Resilience of the DNS Review Team (SSR-RT) *to
> 23:59 UTC on Wednesday, 6 April.*
> I hope that this will give you and Patrick (and any other interested
> parties) sometime to be able to amend the current statement to one which
> is palatable to all parties. I understand that the statement as it
> stands favours DNSSEC for everything, as seen from the discussion on the
> Technical Issues WG list and the other solution is to favour choice,
> "when the utility of zone signing and key management justifies the cost".
> Having understood the logic of the pros & cons behind each choice, I'd
> be inclined to say that insisting on DNSSEC for everyone would be a
> top-down requisite, whilst giving the choice to the TLD owner is a
> bottom-up process. I favour bottom-up. But that's my personal choice.
> Now please can others chime in on this, before we run out of time on a
> status quo? What are the risks (if any) to leaving the choice on DNSSEC
> use to applicants & individual Registry choice?


It depends on how you view DNSSEC

If you view it as being a "pressing" issue that "needs" to be addressed everywhere in the DNS, then you'll probably want to have it in all TLDs

But, personally, I don't think that DNSSEC is as important as many other aspects of the DNS and if a registry operator does not want to offer it from day 0 then why force them?

Other technical issues are probably a lot more pressing, like IPv6, though some would argue that imposing IPv6 is a pre-requisite is too limiting for some applicants. Personally I'd disagree.

I'll go back to lurking now



Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

More information about the NA-Discuss mailing list