While I agree with Michele about DNSSEC, I do not agree about IPv6, the requirement for which is still, to my mind, primarily political. a. On 4 Apr 2011, at 13:55, Michele Neylon :: Blacknight wrote:
On 4 Apr 2011, at 19:41, Olivier MJ Crepin-Leblond wrote:
Eric,
Le 04/04/2011 14:14, Eric Brunner-Williams a écrit :
It is less than sufficient to comment, when the DAG has "DNSSEC is mandatory to implement", that "operators are encouraged to deploy DNSSEC from day one". The correct comment is "advised only when the utility of zone signing and key management justifies the cost, as with all other engineering choices".
You will have probably just received the following: Please note that Olivier Crépin-Leblond, ALAC Chairman, has extended the call for comments on the draft ALAC Statement on the Public Call by the Stability, Security and Resilience of the DNS Review Team (SSR-RT) *to 23:59 UTC on Wednesday, 6 April.*
I hope that this will give you and Patrick (and any other interested parties) sometime to be able to amend the current statement to one which is palatable to all parties. I understand that the statement as it stands favours DNSSEC for everything, as seen from the discussion on the Technical Issues WG list and the other solution is to favour choice, "when the utility of zone signing and key management justifies the cost".
Having understood the logic of the pros & cons behind each choice, I'd be inclined to say that insisting on DNSSEC for everyone would be a top-down requisite, whilst giving the choice to the TLD owner is a bottom-up process. I favour bottom-up. But that's my personal choice.
Now please can others chime in on this, before we run out of time on a status quo? What are the risks (if any) to leaving the choice on DNSSEC use to applicants & individual Registry choice?
Olivier
It depends on how you view DNSSEC
If you view it as being a "pressing" issue that "needs" to be addressed everywhere in the DNS, then you'll probably want to have it in all TLDs
But, personally, I don't think that DNSSEC is as important as many other aspects of the DNS and if a registry operator does not want to offer it from day 0 then why force them?
Other technical issues are probably a lot more pressing, like IPv6, though some would argue that imposing IPv6 is a pre-requisite is too limiting for some applicants. Personally I'd disagree.
I'll go back to lurking now
Regards
Michele
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/na-discuss
Visit the NARALO online at http://www.naralo.org ------