In message <20100309145352.gb5...@dul1mcmlarson-l1-2.local>, Matt Larson writes : > On Tue, 09 Mar 2010, Wouter Wijngaards wrote: > > Also +1 for the consensus analysis about signing: not on the path of > > trust but still somewhat useful to do, but not add another TA for it. > > I have not seen any consensus emerge one way or another regarding > signing root-servers.net. > > Even after .net is signed (in Q4 2010), I don't believe it's a given > that root-servers.net should be signed. There is definitely a > trade-off between increased response size and the incremental benefits > of signing that needs to be weighed and evaluated. The answer is not > obvious (to me, anyway). Personally, I currently lean against signing > it.
I would sign it at the DURZ stage so that you weed out the sites that will have problems at this stage with large priming queries not later. > Matt > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
