[dns-operations] .Org DNSSEC key management policy feedback

George Barwood george.barwood at blueyonder.co.uk
Sun Jun 21 16:03:38 UTC 2009

----- Original Message ----- 
From: "David Conrad" <drc at virtualized.org>
To: "George Barwood" <george.barwood at blueyonder.co.uk>
Cc: <dns-operations at lists.dns-oarc.net>
Sent: Sunday, June 21, 2009 3:50 PM
Subject: Re: [dns-operations] .Org DNSSEC key management policy feedback

> George,
> On Jun 20, 2009, at 11:38 PM, George Barwood wrote:
>> (2) "the public will need to update their validating resolvers with  
>> the new public portion of the .ORG zone key."
>> Surely not? Won't the .ORG DS record be published by IANA?
> Yes, but until the root is signed, people will still need to update  
> their trust anchors to reflect all the islands of trust, including the  
> TLDs, they want to validated.

Ah, yes, I see now that the statement is correct, but possibky mis-leading.

I think a prefix "Until the root zone is signed..." would be helpful.

> Regards,
> -drc

More information about the dns-operations mailing list