Note the new subject line; the previous had nothing to do with these topics.
On Nov 11, 2025, at 13:08, Steve Crocker <[email protected]> wrote: > > Where, in your opinion, would the following two, fairly substantial, changes > to the root zone update and distribution processes belong if they were to be > pursued? You are asking about Layer 8 or 9. My guesses are: > > 1. Transitioning to hyperlocal root zone access, as including designing and > deploying the infrastructure to distribute copies of the root zone to, say, a > million hyperlocal caches. The DNSOP WG would be the right place to specify how to do "hyperlocal root zone access", as it did for RFC 7706 and RFC 8806. It is unclear where work on transitioning to that mechanism would go. Maybe the IAB (it's architecture), maybe DNSOP (it's DNS operations), maybe a new WG (it's a departure, not an extension, to the current DNS), ... . > 2. Redesign of the root zone update process to be fully encased in a > tamperproof enclosure, with updates of each portion of the zone requiring > cryptographic approval by the relevant TLD operator. A key ceremony > equivalent would also exist for the exceptional cases to override the regular > process, eg initiate a new TLD, replace lost device, etc. Maybe the IAB (it's architecture), maybe DNSOP (it's DNS operations), maybe a new WG (it's a departure, not an extension, to the current DNS), ... . --Paul Hoffman _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
