[NA-Discuss] Stability, Security, and Resilience of the DNS Review Team

[Evan Leibovitch]

The main counterpoint to this was raised, IIRC, by Eric. He may offer a
better take on this than I, but here's how I recall the point.

For those community-based TLD proposals from poorer economies -- the ones
for whom the JAS group has been formed to try to lower costs -- the use of
one of the big registry operators is *not* a given, and in these cases the
cost of implementing DNSSEC could be significant.

Not all TLD proposals exist just for the money. There are a number of well
meaning proposals that seek to duplicate the success of .cat to use a TLD as
a focal point for a cultural, ethnic or linguistic community. Some of these
may envision using other registry operations that may not assume DNSSEC --
in these cases, mandatory DNSSEC for all is part of a barrier to entry.

- Evan






On 7 April 2011 11:44, John R. Levine <johnl at iecc.com> wrote:

> I note that this statement calls for the new gTLD program to make DNSSEC
>> optional rather than mandatory. (There are specific kinds of TLDs for
>> which
>> DNSSEC should be mandatory IMO, but that's outside the scope of this
>> document)
>>
>
> Realistically, a handful of registry operators will provide the back ends
> for all of the new TLDs, and they all can do DNSSEC, so there's litle
> practical reason not to require it.  End to end DNSSEC is not ready for
> prime time, but the structure of a TLD is simple enough (just delegations
> and glue records) that there's little technical risk.
>
> Personally, I would like to require that registrars and registrants also do
> full DNSSEC signing, since that will bring registrations in these useless
> domains to a screeching halt.
>
> Regards,
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>



-- 
Evan Leibovitch, Toronto Canada
Em: evan at telly dot org
Sk: evanleibovitch
Tw: el56