Same answer to both questions: Yes, of course there has to be an administrative override, but it too has to be protected. A key ceremony is the accepted method. A sufficient set of people from a sufficient set of places. Needed to initiate key assignment, revoke, restore, etc.

Steve

> On Nov 13, 2025, at 9:42 AM, John R Levine <[email protected]> wrote:
>
> On Wed, 12 Nov 2025, Steve Crocker wrote:
>> If the change to each TLD's portion of the root zone required the active
>> participation of the TLD operator, and if the entire root zone were signed,
>> it would then be impossible for the USG to force a change to the (signed)
>> root.
>
> If a poorly managed ccTLD loses its key, what happens? Either their
> delegation is frozen for all eternity, or there is some recovery scheme to
> make changes without that key. We have several decades of blockchain failures to
> tell us why the first option is out of the question.
>
>> You argue the USG could require the USG root operators, E, G and H, to
>> simply not respond to queries for .ru, .su, ."rho phi" or the USG could
>> force distribution of a modified root zone that would be unsigned or have
>> an invalid signature. But I think everyone would quickly ignore the
>> unsigned or invalidly signed root zone and remove the E G and H roots from
>> their list of root servers.
>
> I have less confidence that people pay that much attention to what they're
> seeing, but I also think that the question is ill formed. There's always
> going to be an administrative override.
>
> Regards,
> John Levine, [email protected], Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
