On Wed, 12 Nov 2025, Steve Crocker wrote:
> If the change to each TLD's portion of the root zone required the active participation of the TLD operator, and if the entire root zone were signed, it would then be impossible for the USG to force a change to the (signed) root.
If a poorly managed ccTLD loses its key, what happens? Either their delegation is frozen for all eternity, or there is some recovery scheme to make changes without that key. We have several decades of blockchain failures to tell us why the first option is out of the question.
> You argue the USG could require the USG root operators, E, G and H, to simply not respond to queries for .ru, .su, ."rho phi" or the USG could force distribution of a modified root zone that would be unsigned or have an invalid signature. But I think everyone would quickly ignore the unsigned or invalidly signed root zone and remove the E, G and H roots from their list of root servers.
I have less confidence that people pay that much attention to what they're seeing, but I also think that the question is ill formed. There's always going to be an administrative override.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

DNSOP mailing list -- [email protected]
