[dns-operations] DNSSEC in the Root Zone
Chris Thompson
cet1 at cam.ac.uk
Wed Oct 7 10:37:46 UTC 2009
On Oct 6 2009, Joe Abley wrote:
>Hi all,
>
>Just a quick note to mention that earlier today Matt Larson and I
>presented a high-level overview of the ongoing effort to sign the root
>zone at the RIPE meeting in Lisbon. Slides for the presentation can be
>found here:
>
>http://www.ripe.net/ripe/meetings/ripe-59/presentations/uploads/presentations/Tuesday/Plenary%2014:00/Abley-DNSSEC_for_the_Root_Zone.mId7.pdf
>
>The presentation includes a timeline for DNSSEC to be fully
>operational in the root zone, with a target live date of 1 July 2010.
The slides indicate an intention to use "signatures based on SHA-256"
from the word go. As draft-ietf-dnsext-dnssec-rsasha256-14.txt is still
in Last Call, and "the IESG plans to make a decision in the next few weeks"
about it, according to a recent namedroppers posting, one has to wonder
how well the proposed rollout schedule will interact with deployment of
support for RSASHA256 in nameserver software implementations.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list