On Sep 10, 2009, at 11:09 PM, Paul Wouters wrote:
On Thu, 10 Sep 2009, David Conrad wrote:
Again, I am not objecting to people using DLV. I think it is ucky,
but that's just me. What I am objecting to is the suggestion made
here that _before a TLD that has submitted its keys to the ITAR
rolls its keys, it must notify the (potentially multiple?) folks
who run a DLV registry, of which the TLD may have no knowledge, who
have harvested ITAR data and wait_. That's just crazy talk.
A TLD should do due diligence. I mean, it's their core business. It's the
ONLY thing they should do right. Make sure their zone file works.
Paul.

Their zone file works. Has worked. DLV was the problem. PR has
nothing to do with it. Stop blaming PR.
Even when this issue was found, they could have easily added their
old key to the zone to ensure DLV would work until it got updated.
Arguing there might be 15 unknown DLVs is kind of beside the point.
Reality is, there is only one DLV they need to worry about.
I'd recommend that domain holders who do NOT want their DNSKEY (or
hashed derivative) to end up in some DLV copyright their public keys. I
also recommend that, when submitting TLD DNSKEYs to IANA, IANA allow an
option that the keys will NOT be published in their ITAR and solely be
distributed via the root zone (in that 6 month period when both exist).
Roy
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop