Hi, Quoting Steve Crocker on Thursday November 13, 2025: > Same answer to both questions: Yes, of course there has to be an > administrative override, but it too has to be protected. A key ceremony is > the accepted method. A sufficient set of people from a sufficient set of > places. Needed to initiate key assignment, revoke, restore, etc.
Setting aside whether this is a good idea for the root zone specifically (I have many thoughts), why would such an approach be specific to the root zone? It seems the overarching concept is to implement technical mechanisms that limit the ability for someone to administer a zone with extreme deference to subordinate delegations. If that was a sound practice, I would think a general purpose mechanism that is promoted at all levels of the DNS should be considered rather than one specific to one zone. kim _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
