At 12:28 PM +0200 9/17/10, W.C.A. Wijngaards wrote:
>Are you sure that we want to create a cross-dependency on the https
>security for the DNS security?

No, I am sure we don't want to create a forced cross-dependency on https. But that is far from the only choice.

We are talking about two different scenarios mixed as one, and I think we should differentiate them:

- The IANA trust anchor for the root
- All other trust anchors, both "alternate roots" and lower-in-the-tree fixed points

In the first case, we can rely on out-of-band fingerprints and so on being widely distributed in a reliable fashion. In the second case, we can make suggestions but we can't really rely on it.

I am only interested in the first case. I could care less about alternate DNSSEC roots, and the people I know who care about distribution of lower-in-the-tree trust anchors have enough control of the affected systems to deal with missed rollovers.

--Paul Hoffman, Director
--VPN Consortium