On 21/11/2016 15:39, Andrew Sullivan wrote:
> If by "we (the community)" you mean "the names community", then I > agree. That's the main point I've been trying to make: the decisions > about what to put _in the root zone_ (which includes delegation data > of special-use names) is, as near as I can tell, entirely on ICANN's > turf. (I don't think the creation of special-use names at the root of > the namespace _is_ entirely on their turf, but actual data in the root > zone is quite different.) It is different, but it does appear to be required if we ever want functional DNSSEC validation of any special-use domain name that were to exist at the root of the namespace. Specifically, the main issue is that "normal" DNS servers will treat the current signed DNSSEC proof of non-existence of such a name as definitive (because of top-down validation rules) making it impossible to use the name. As has been mentioned before, there's (currently) no process for this, but that doesn't mean we can't ask. The lack of process doesn't mean it's impossible. Ray _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
