Geoff, Ray, et al, Where, in your opinion, would the following two, fairly substantial, changes to the root zone update and distribution processes belong if they were to be pursued?
1. Transitioning to hyperlocal root zone access, as including designing and deploying the infrastructure to distribute copies of the root zone to, say, a million hyperlocal caches. 2. Redesign of the root zone update process to be fully encased in a tamperproof enclosure, with updates of each portion of the zone requiring cryptographic approval by the relevant TLD operator. A key ceremony equivalent would also exist for the exceptional cases to override the regular process, eg initiate a new TLD, replace lost device, etc. Thanks, Steve Sent by a Verified sender On Tue, Nov 11, 2025 at 9:58 AM Geoff Huston <[email protected]> wrote: > > On 12 Nov 2025, at 12:53 am, Ray Bellis <[email protected]> wrote: > > > > On 08/11/2025 20:30, Joe Abley wrote: > >> On 8 Nov 2025, at 15:19, Peter Thomassen > >> <[email protected]> wrote: > > > >>> We should clarify that the root must remain without an address > >>> record. > >> That definitely seems like truth. I am not sure whether this > >> document is the right place to say it out loud, but I don't have a > >> strong opinion. > > > > That's very likely in RZERC's remit, not IETF's. > > > > I doubt it Ray. Informally, I'd suggest that RZERC is there to formalise > conventional views of the content of the root zone - it's not supposed > to take the lead! If the IETF consensus process comes up with a > considered document that contemplates such a change to the content > of the root zone then I would guess its RZERC's role to follow in those > tracks with a proposal to formalise it. The path followed by ZONEMD > is a good example of this process. > > > > Geoff > (currently serving as Chair of RZERC, but not speaking for RZERC here) > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
