sign it with a bad key or bad DS. this goes to SERVFAIL and its NXDOMAIN. -G
On Wed, Mar 29, 2017 at 9:48 AM, james woodyatt <j...@google.com> wrote: > Hi Terry, > > Clarifying questions here... > > On Mar 28, 2017, at 12:32, Terry Manderson <terry.mander...@icann.org> > wrote: > > > My summary of the situation is this. > > 1) .homenet _COULD_ be added to the special use domain registry based on > RFC6761 > > 2) The expected future operation of HOMENET resolution for DNSSEC validating > stub resolvers requires a break in the DNSSEC chain of trust. > > 3) To achieve "2", the document _additionally_ asks IANA to insert an > insecure delegation into the root zone > > > 4) The ask for "3" is not covered in IETF policy terms, in fact it tries to > put an entry into someone else's registry (the root zone), and will require > a set of collaborative discussions with the ICANN community and a new > process that handles this situation. There are no expectations that this > process will be defined in a reasonable time for the uses of HOMENET. > > > q1. What precisely about “3” is not covered in IETF policy terms? That the > document directs IANA to request a delegation in the root zone? Or that the > document directs IANA to request an *insecure* delegation in the root zone, > whereas a secure delegation *would* be adequately covered? Or both of these? > > q2. If the answer to q1 is that both aspects of “3” are not covered in IETF > policy terms, and that each one will require a set of collaborative > discussions with the ICANN community and new processes that handle each of > these situations, are there any expectations about which of the two > processes, if there are two and not just one, can be defined in a workable > period of time for HOMENET? > > --james woodyatt <j...@google.com> > > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
