[dns-operations] DNSSEC in the Root Zone

Chris Thompson cet1 at cam.ac.uk
Wed Oct 7 10:37:46 UTC 2009

On Oct 6 2009, Joe Abley wrote:

>Hi all,
>Just a quick note to mention that earlier today Matt Larson and I  
>presented a high-level overview of the ongoing effort to sign the root  
>zone at the RIPE meeting in Lisbon. Slides for the presentation can be  
>found here:
>The presentation includes a timeline for DNSSEC to be fully  
>operational in the root zone, with a target live date of 1 July 2010.

The slides indicate an intention to use "signatures based on SHA-256"
from the word go. As draft-ietf-dnsext-dnssec-rsasha256-14.txt is still
in Last Call, and "the IESG plans to make a decision in the next few weeks"
about it, according to a recent namedroppers posting, one has to wonder
how well the proposed rollout schedule will interact with deployment of
support for RSASHA256 in nameserver software implementations.

Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.

More information about the dns-operations mailing list