On Nov 11, 2010, at 4:32 PM, Paul Hoffman wrote: > The request for signing the zone is a one-time thing, even if the zone > changes. You don't need new permission to sign each TLD when the information > changes, do you?
No, but you shouldn't underestimate the amount of layer-9 used food that must be processed to get even the one time thing done, particularly now with the current IANA functions contract approaching its sell-by date. >> Let's have >> a discussion of the merits, but, speaking on behalf of one of the >> organizations that operates the root zone infrastructure, I am opposed >> to signing root-servers.net any time within at least the next year. >> That's simply the conservative, operationally prudent course of >> action. > > Conservative, yes; operationally prudent, no. This type of thing can be > pre-tested fairly easily. For example, once .net starts signing, make a > private signing of root-servers.net and hand it out to friends and family and > watch for any anomalous results. I have a high level of confidence that folks at ICANN and VeriSign can and will come up with a quite effective testing regime for root-servers.net. They've done so for other inconsequential zones like the root in the past... To me, It doesn't make a whole lot of sense to sign root-servers.net before .net is signed. As long as there is commitment from relevant parties that root-servers.net will be signed within some fixed timeframe after .net is signed, I'd be satisfied. But that's just me... Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
