Regardless of my personally agreeing with such a statement or not, here are my reactions to some of the bullets.

At 15:01 +0400 10/29/08, Patrik Fältström wrote:
B - The addition of DNSSEC to the root zone must be recognised as a global initiative.
I'm unclear on the intent of the B statement. See my comment on E.
E - Any procedural changes introduced by DNSSEC should be aligned with the process for coordinating changes to and the distribution of the root zone.
In some interpretations of B & E, these two could be conflicting. I.e., B implies that the current state of root zone management is too centered in the US, E evokes a message encouraging the status quo. Mind you - I am not commenting on B or E, but my reading of the two leaves some confusion in my mind. Perhaps I am misunderstanding B and/or E as it is presented here.
F - Policies and processes for signing the root zone should make it easy for TLDs to participate.
As someone employed by a TLD registry, it's not clear to me how or why such rather internal matters of the root zone matter to my job. Again, not saying this is a bad statement, but it begs for more detail or direction. I am not saying that the policies and processes for signing the root should be closed to the public. I just don't see the relevance to the TLD.
J - The organisation that creates the zone file must hold the private part of the ZSK.
My guess is that the intention in J is to say "the org that creates the zone file is the sole possessor of the private ZSK(s) and *performs the signing function*." Otherwise it doesn't matter if the creator has the key at all.
K - Changes to the entities and roles in the signing process must not require a change of keys.
I technically disagree with that, if there is a change in the entity performing the zone signing, the private key material should not have to be transferred out in the transition. The private key material of concern here is the ZSK, not the KSK.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar

Never confuse activity with progress. Activity pays more.