Oct. 12, 2020
6:51 a.m.
Fred Baker writes:
...
Speaking strictly for myself, I would argue, as you did in your email, that getting the root zone from another party has a safety issue in it - how do we know it has the right data? I could imagine an RSO downloading the relevant files to somewhere in its own cloud, and then distributing from there to its constellation. Doing so would offload the RZM source. But I would consider getting the first copy from anywhere else as unsafe.
i don't think the patient can be only a little bit pregnant. either the dns technical community considers dnssec proof against forgery, or we don't. what unsafety issue do you imagine which falls somewhere in the middle? vixie