Dear all, In case you have not noticed it yet, ICANN has on 24 July 2008 announced ( see: http://www.icann.org/en/announcements/announcement-24jul08-en.htm) the release of a paper on DNSSEC. The purpose of the paper is to: a) articulate ICANN's initiatives toward operational readiness for DNSSEC signing; and b) help determine the right structures so ICANN is "...prepared to digitally sign the root using DNSSEC technology by late 2008", as directed in the July 2008 - June 2011 ICANN Strategic Plan after consultation with stakeholders and having sought the necessary approvals. Specifically, this document is not a roadmap for DNSSEC deployment. In addition, in the announcement is mentioned that recently, a prominent security researcher privately reported two domain name system (DNS) vulnerabilities to many DNS name server developers. DNSSEC would be a solution to these vulnerabilities. The details of the vulnerabilities have not yet been disclosed publicly at this stage so that developers can produce patches to reduce the threat these vulnerabilities pose. Private disclosures of this kind also give DNS operators an opportunity to patch systems before the vulnerabilities can be exploited for malicious or criminal purposes. ICANN understands there will be a public announcement of these vulnerabilities by the researcher in coming weeks. This vulnerability does not affect root-level servers or services that provide authoritative name service at the top level. But it does represent a threat for domain name servers that operate between end users and the root; servers operated by Internet Service Providers or large enterprises. Commercial service providers in general are aware of this issue, and are working with vendors to update their software to the latest versions. Kind regards, Bart