[NA-Discuss] Stability, Security, and Resilience of the DNS Review Team
evan at telly.org
Thu Apr 7 19:25:36 UTC 2011
The main counterpoint to this was raised, IIRC, by Eric. He may offer a
better take on this than I, but here's how I recall the point.
For those community-based TLD proposals from poorer economies -- the ones
for whom the JAS group has been formed to try to lower costs -- the use of
one of the big registry operators is *not* a given, and in these cases the
cost of implementing DNSSEC could be significant.
Not all TLD proposals exist just for the money. There are a number of well
meaning proposals that seek to duplicate the success of .cat to use a TLD as
a focal point for a cultural, ethnic or linguistic community. Some of these
may envision using other registry operations that may not assume DNSSEC --
in these cases, mandatory DNSSEC for all is part of a barrier to entry.
On 7 April 2011 11:44, John R. Levine <johnl at iecc.com> wrote:
> I note that this statement calls for the new gTLD program to make DNSSEC
>> optional rather than mandatory. (There are specific kinds of TLDs for
>> DNSSEC should be mandatory IMO, but that's outside the scope of this
> Realistically, a handful of registry operators will provide the back ends
> for all of the new TLDs, and they all can do DNSSEC, so there's litle
> practical reason not to require it. End to end DNSSEC is not ready for
> prime time, but the structure of a TLD is simple enough (just delegations
> and glue records) that there's little technical risk.
> Personally, I would like to require that registrars and registrants also do
> full DNSSEC signing, since that will bring registrations in these useless
> domains to a screeching halt.
> John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for
> Please consider the environment before reading this e-mail. http://jl.ly
Evan Leibovitch, Toronto Canada
Em: evan at telly dot org
More information about the NA-Discuss