DNSO Archives: [ga]

ICANN/DNSO DNSO Mailling lists archives

[ga]

<<< Chronological Index >>> <<< Thread Index >>>

Re: [ga] Secure DNS

To: Kent Crispin <kent@songbird.com>, ga@dnso.org
Subject: Re: [ga] Secure DNS
From: Harald Alvestrand <Harald@Alvestrand.no>
Date: Fri, 15 Sep 2000 09:56:40 +0200
In-Reply-To: <20000914124327.C15063@songbird.com>
References: <39C122A8.10462379@storm.ca><39C122A8.10462379@storm.ca>
Sender: owner-ga@dnso.org

At 12:43 14/09/2000 -0700, Kent Crispin wrote:
> > It appears likely we need an ICANN key and procedures for it to sign
> > all TLD keys. Are those procedures worked out yet?
>
>Once again, most of this stuff is handled in the ops area of the IETF.

The IETF gang are trying to make sure the technology works; it would be 
crazy to introduce DNS security on the root servers until we are 100% sure 
that we can do so without disrupting services.

Once the technology is ready, ICANN needs to decide on the procedures for 
generating keys, signing the root zone and so on.
I *hope* these procedures are relatively uncontroversial; the biggest 
practical question is probably who shall hold the pieces of the root key, 
and how it should be secured against compromise and accidental loss.

But I don't think we need to work out these procedures this year; there is 
still some work to be done before the stuff is ready.

                 Harald

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html

Follow-Ups:
- Re: [ga] Secure DNS
  - From: Rick H Wesson <wessorh@ar.com>

References:
- [ga] Secure DNS
  - From: Sandy Harris <sandy@storm.ca>
- [ga] Secure DNS
  - From: Sandy Harris <sandy@storm.ca>
- Re: [ga] Secure DNS
  - From: Kent Crispin <kent@songbird.com>

<<< Chronological Index >>> <<< Thread Index >>>