<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] Secure DNS
At 12:43 14/09/2000 -0700, Kent Crispin wrote:
> > It appears likely we need an ICANN key and procedures for it to sign
> > all TLD keys. Are those procedures worked out yet?
>
>Once again, most of this stuff is handled in the ops area of the IETF.
The IETF gang are trying to make sure the technology works; it would be
crazy to introduce DNS security on the root servers until we are 100% sure
that we can do so without disrupting services.
Once the technology is ready, ICANN needs to decide on the procedures for
generating keys, signing the root zone and so on.
I *hope* these procedures are relatively uncontroversial; the biggest
practical question is probably who shall hold the pieces of the root key,
and how it should be secured against compromise and accidental loss.
But I don't think we need to work out these procedures this year; there is
still some work to be done before the stuff is ready.
Harald
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|