It appears that Steve Crocker <[email protected]> said: >> Didn't it already do everything? It is now up to the OSes to use the >> protocols we defined? > >As more and more resolvers switch to using local copies of the root zone, >there may be a need to strengthen the process of providing those copies to >a very large set of resolvers. That's the part that is not yet scoped and >may need design and implementation.
Agreed, it's a scaling issue. >The primary purpose of such a design is to prevent improper forceful >removal of legitimate entries from the root zone. This is stronger than >detecting the problem after the fact. I don't think the history of technical approaches to political issues is very promising. At least three of the root servers are run by parts of the US government, so if they get a political command to, say, remove .VE from the root, they're going to do it. If it breaks part of DNSSEC, and different roots give different results, too bad. R's, John PS: I hope we all are familiar with https://xkcd.com/538/ _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
