[NA-Discuss] Stability, Security, and Resilience of the DNS Review Team

John R. Levine johnl at iecc.com
Thu Apr 7 15:44:10 UTC 2011

> I note that this statement calls for the new gTLD program to make DNSSEC
> optional rather than mandatory. (There are specific kinds of TLDs for which
> DNSSEC should be mandatory IMO, but that's outside the scope of this
> document)

Realistically, a handful of registry operators will provide the back ends 
for all of the new TLDs, and they all can do DNSSEC, so there's litle 
practical reason not to require it.  End to end DNSSEC is not ready for 
prime time, but the structure of a TLD is simple enough (just delegations 
and glue records) that there's little technical risk.

Personally, I would like to require that registrars and registrants also 
do full DNSSEC signing, since that will bring registrations in these 
useless domains to a screeching halt.

John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

More information about the NA-Discuss mailing list