26 Aug
2005
26 Aug
'05
10:26 p.m.
Is .arpa signed? No. But it should be orders of magnitude easier to do that than get DLV to fly. :-) In principle IAB could sign .arpa tomorrow, assuming someone was able and willing to hold its KSKs. Don't forget "in-addr.arpa." and "ip6.arpa." - they delegate some of NCC's zones.
and don't forget that this does not scale. manual coordination to maintain trusted keys for 292 tlds just does not work. and that assumes that the tlds are signed, not counting all the thrid and ninth level zones that make noise when the zones above them are not signed. this does not fly until the root is signed. and that does not fly until there is a key management plan and technology for it. randy