IETF Logo Mail Archive

Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?

bmanning@vacation.karoshi.com Mon, 28 July 2008 03:39 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 12D853A6813; Sun, 27 Jul 2008 20:39:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.447
X-Spam-Level:
X-Spam-Status: No, score=-102.447 tagged_above=-999 required=5 tests=[AWL=0.153, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t6T1D6z3qrtA; Sun, 27 Jul 2008 20:39:21 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 34D153A67AF; Sun, 27 Jul 2008 20:39:21 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1KNJTO-000Egx-ML for namedroppers-data@psg.com; Mon, 28 Jul 2008 03:32:34 +0000
Received: from [2001:478:6:0:230:48ff:fe11:220a] (helo=vacation.karoshi.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <bmanning@karoshi.com>) id 1KNJTK-000Ea1-BC for namedroppers@ops.ietf.org; Mon, 28 Jul 2008 03:32:33 +0000
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id m6S3V7up016551; Mon, 28 Jul 2008 03:31:07 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id m6S3V7RH016550; Mon, 28 Jul 2008 03:31:07 GMT
Date: Mon, 28 Jul 2008 03:31:07 +0000
From: bmanning@vacation.karoshi.com
To: David Conrad <drc@virtualized.org>
Cc: bmanning@vacation.karoshi.com, DNSEXT WG <namedroppers@ops.ietf.org>
Subject: Re: How do we get the whole world to upgrade to DNSSEC capable resolvers?
Message-ID: <20080728033107.GA16527@vacation.karoshi.com.>
References: <4888FED2.6060204@NLnetLabs.nl> <E7388E94-D031-4059-91F9-1596A254E21C@ca.afilias.info> <20080725193101.GB8193@outpost.ds9a.nl> <BEADC795-3C76-407A-A979-2B0AAACE0328@ca.afilias.info> <20080725221002.GK29775@commandprompt.com> <OFF4F9438A.D83AC9AB-ON80257491.007DB303-C1257491.007FA301@nominet.org.uk> <20080726144111.GA5204@laperouse.bortzmeyer.org> <488B4F1B.2020104@ca.afilias.info> <20080726165934.GA29158@vacation.karoshi.com.> <A158F5F8-91F7-4FC9-82FF-16A7DBAE90EA@virtualized.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <A158F5F8-91F7-4FC9-82FF-16A7DBAE90EA@virtualized.org>
User-Agent: Mutt/1.4.1i
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

On Mon, Jul 28, 2008 at 02:52:53AM +0100, David Conrad wrote:
> On Jul 26, 2008, at 5:59 PM, bmanning@vacation.karoshi.com wrote:
> >	how are you to -know- that the root has the "right" DS for .FR?
> 
> Because if the root didn't, then it would imply the NSes or glue could  
> also be wrong.  Same process will be used to vet requests to alter all  
> of these.
> 
> Regards,
> -drc

	sure.  the point that i tried to make was/is, that DS verification
	is critical ...  regardless of where in the heirarchy one finds oneself.

	end of the day, it depends on the validators configured TAs.

--bill

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

v2.23.0 | Report a Bug | By Email