[NA-Discuss] Stability, Security, and Resilience of the DNS Review Team

John R. Levine johnl at iecc.com
Thu Apr 7 15:44:10 UTC 2011


> I note that this statement calls for the new gTLD program to make DNSSEC
> optional rather than mandatory. (There are specific kinds of TLDs for which
> DNSSEC should be mandatory IMO, but that's outside the scope of this
> document)

Realistically, a handful of registry operators will provide the back ends 
for all of the new TLDs, and they all can do DNSSEC, so there's little 
practical reason not to require it.  End-to-end DNSSEC is not ready for 
prime time, but the structure of a TLD is simple enough (just delegations 
and glue records) that there's little technical risk.

Personally, I would like to require that registrars and registrants also 
do full DNSSEC signing, since that will bring registrations in these 
useless domains to a screeching halt.

Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly


