On Thu, 25 Feb 2010, Eugene Crosser wrote:
Right now, as far as I am concerned, the main obstacle to more widespread adoption of DNSSEC is the lack of a procedure to establish trust between your zone and the TLD. Even if my zone is signed, and it's in .org which is signed too, I have no (googlable) way to get my DS included into the TLD zone.
Registrars are working on this. It requires them to update EPP etc. I am not sure if .org already accepts DS records via EPP, but I know others (e.g. opensrs) have started taking steps to implement this in their interface to the users. There are some corner cases that need to be solved, such as what to do when a domain moves from one DNS zone operator to another. Usually private keys cannot be handed over, so this might require multiple DS record support, etc. See further http://dnsseccoalition.org/website/
Of course dlv.isc.org exists, but I think it's publicly perceived as a testbed rather than a production anchor.
It is production, not a testbed. And useful for anyone who wants to put their DS into it. The only thing missing there is easy access to a bulk submission interface.

Paul

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users