On Mon, Oct 05, 2009 at 03:52:06PM +0100, Edward Lewis wrote:
I have a short time slot to discuss these slides on Thursday,
http://www.ripe.net/ripe/meetings/ripe-59/presentations/uploads/presentation...
but I want to try to get comments from people ahead of time.
i would have commented earlier, but they were presented in an even more propritary format than PDF. comments forthcoming.
The presentation is trying first collect requirements, not present a solution to a problem in DNSSEC management. Most of the discussion I have had on this is with a smallish circle of people involved in TLD registry operations which I fear is not inclusive enough.
In case you don't want to go through the slides, I'd like to ask these questions:
1. If you are planning to receive DS records for any reason, how do you plan to do it? (You don't have to be a TLD to need to do this.)
SYNC protocol.
2. If you are operating DNS for people and are considering DNSSEC, have you thought about how the DS record will be passed to your customers' zones parents?
yes - using SYNC.
3. If you operate a recursive server, where to do plan to get DNSSEC public keys (for example, ISC's DLV)?
the authoritiatve servers.
Although I have just 15 mins to run through the 35-odd slides, I really want to get input from various people while RIPE is in session - or via email.
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is that they're not getting traction.