Re: [ga] Secure DNS

[Bob Davis <bob.davis@netzero.net>]

Harald and everyone,

Harald Alvestrand wrote:

> At 12:43 14/09/2000 -0700, Kent Crispin wrote:
> > > It appears likely we need an ICANN key and procedures for it to sign
> > > all TLD keys. Are those procedures worked out yet?
> >
> >Once again, most of this stuff is handled in the ops area of the IETF.
>
> The IETF gang are trying to make sure the technology works; it would be
> crazy to introduce DNS security on the root servers until we are 100% sure
> that we can do so without disrupting services.

  DNSSEC works now and has for some time now Harald.  It is implimented
on many nameservers currently as I believe you should know.  Disrupting
services is a concern true.  But DNSSEC would not be a culprit of such
disruption.

>
>
> Once the technology is ready, ICANN needs to decide on the procedures for
> generating keys, signing the root zone and so on.
> I *hope* these procedures are relatively uncontroversial; the biggest
> practical question is probably who shall hold the pieces of the root key,
> and how it should be secured against compromise and accidental loss.
>
> But I don't think we need to work out these procedures this year; there is
> still some work to be done before the stuff is ready.
>
>                  Harald
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html

Bob Davis

_______________________________________________
Why pay for something you could get for free?
NetZero provides FREE Internet Access and Email
http://www.netzero.net/download/index.html
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html