On Thu, 11 Nov 2010, Andrew Sullivan wrote: > I think these discussions waste a lot of time, and so as a purely > tactical measure it strikes me that we could shut down that line of > argument by just signing the data.
So we should alter critical infrastructure to stifle argument and, by extension, for "optics"? That's no way to run a railroad. The effort of signing root-servers.net is non-trivial and will involve layer nine. (Change authorization for this zone rests with the U.S. DoC NTIA, the same as the root zone.) Further, we just got the root signed not even six months ago and more big DNSSEC changes are still to come: a signed .net is right around the corner and a signed .com is coming early next year. If there is desire to change critical infrastructure that's part of a system that we're still getting operational experience with, the justification needs to be better than "let's just do it". Let's have a discussion of the merits, but, speaking on behalf of one of the organizations that operates the root zone infrastructure, I am opposed to signing root-servers.net any time within at least the next year. That's simply the conservative, operationally prudent course of action. Matt _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
