[dns-operations] Root zone DNSSEC deployment web site and technical status update

Florian Weimer fw at deneb.enyo.de
Sat Dec 19 11:29:09 UTC 2009


* Kim Davies:

> We have given a few presentations to TLD managers regarding our
> plans, for example:
> http://sel.icann.org/meetings/seoul2009/presentation-iana-27oct09-en.pdf.

"Key handling interactions will be modeled on current root zone
management process"

What are the timeframes involved?  Will there be emergency procedures?
(The process documented on the IANA web site seems to take quite a bit
of time.)

If there are no emergency procedures, vendors will have to implement
DS bypasses so that they can mitigate the impact of bad TLD
delegations.  (My concern is not just denial of service because of
validationq failures, but the increased network traffic validation
failures cause, which could impact everyone, not just those doing
validation, especially if some vendors roll out validation by
default.)



More information about the dns-operations mailing list