[dns-operations] .Org DNSSEC key management policy feedback
george.barwood at blueyonder.co.uk
Sun Jun 21 16:03:38 UTC 2009
----- Original Message -----
From: "David Conrad" <drc at virtualized.org>
To: "George Barwood" <george.barwood at blueyonder.co.uk>
Cc: <dns-operations at lists.dns-oarc.net>
Sent: Sunday, June 21, 2009 3:50 PM
Subject: Re: [dns-operations] .Org DNSSEC key management policy feedback
> On Jun 20, 2009, at 11:38 PM, George Barwood wrote:
>> (2) "the public will need to update their validating resolvers with
>> the new public portion of the .ORG zone key."
>> Surely not? Won't the .ORG DS record be published by IANA?
> Yes, but until the root is signed, people will still need to update
> their trust anchors to reflect all the islands of trust, including the
> TLDs, they want to validated.
Ah, yes, I see now that the statement is correct, but possibky mis-leading.
I think a prefix "Until the root zone is signed..." would be helpful.
More information about the dns-operations