+--On 14 novembre 2009 10:52:00 +0900 Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote: | On Fri, Nov 13, 2009 at 05:57:36PM -0500, | Paul Wouters <paul@xelerance.com> wrote | a message of 15 lines which said: | |> Only if you're willing to wait 2 years on .com to get signed. | | If you have a ".com", you will need to wait for ".com" to be signed + | for ".com" to accept DS records (for most TLD which were signed, there | was a non-trivial delay here) + for your registrar to accept and relay | DS records (the experience with AAAA glue records makes me pessimistic | here). | | So, yes, saying we won't need DLV after the root is signed is | short-sighted. Ok, I should have been more specific, I meant when the root is signed and I can verify the signatures all the way down. Of course DLV will be very useful in the years to come. -- Mathieu Arnold who's just had to remove DNSSEC from a few zones because of qmail.