[NA-Discuss] On the cost of application, and Joint Application Support related
avri at ella.com
Mon Apr 4 19:20:36 UTC 2011
While I agree with Michele about DNSSEC, I do not agree about IPv6, the requirement for which is still, to my mind, primarily political.
On 4 Apr 2011, at 13:55, Michele Neylon :: Blacknight wrote:
> On 4 Apr 2011, at 19:41, Olivier MJ Crepin-Leblond wrote:
>> Le 04/04/2011 14:14, Eric Brunner-Williams a écrit :
>>> It is less than sufficient to comment, when the DAG has "DNSSEC is
>>> mandatory to implement", that "operators are encouraged to deploy
>>> DNSSEC from day one". The correct comment is "advised only when the
>>> utility of zone signing and key management justifies the cost, as with
>>> all other engineering choices".
>> You will have probably just received the following:
>> Please note that Olivier Crépin-Leblond, ALAC Chairman, has extended the
>> call for comments on the draft ALAC Statement on the Public Call by the
>> Stability, Security and Resilience of the DNS Review Team (SSR-RT) *to
>> 23:59 UTC on Wednesday, 6 April.*
>> I hope that this will give you and Patrick (and any other interested
>> parties) sometime to be able to amend the current statement to one which
>> is palatable to all parties. I understand that the statement as it
>> stands favours DNSSEC for everything, as seen from the discussion on the
>> Technical Issues WG list and the other solution is to favour choice,
>> "when the utility of zone signing and key management justifies the cost".
>> Having understood the logic of the pros & cons behind each choice, I'd
>> be inclined to say that insisting on DNSSEC for everyone would be a
>> top-down requisite, whilst giving the choice to the TLD owner is a
>> bottom-up process. I favour bottom-up. But that's my personal choice.
>> Now please can others chime in on this, before we run out of time on a
>> status quo? What are the risks (if any) to leaving the choice on DNSSEC
>> use to applicants & individual Registry choice?
> It depends on how you view DNSSEC
> If you view it as being a "pressing" issue that "needs" to be addressed everywhere in the DNS, then you'll probably want to have it in all TLDs
> But, personally, I don't think that DNSSEC is as important as many other aspects of the DNS and if a registry operator does not want to offer it from day 0 then why force them?
> Other technical issues are probably a lot more pressing, like IPv6, though some would argue that imposing IPv6 is a pre-requisite is too limiting for some applicants. Personally I'd disagree.
> I'll go back to lurking now
> Mr Michele Neylon
> Blacknight Solutions
> Hosting & Colocation, Brand Protection
> ICANN Accredited Registrar
> Intl. +353 (0) 59 9183072
> US: 213-233-1612
> UK: 0844 484 9361
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 1 4811 763
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,Ireland Company No.: 370845
> NA-Discuss mailing list
> NA-Discuss at atlarge-lists.icann.org
> Visit the NARALO online at http://www.naralo.org
More information about the NA-Discuss