Hi,

Quoting Steve Crocker on Thursday November 13, 2025:
> Same answer to both questions: Yes, of course there has to be an 
> administrative override, but it too has to be protected.  A key ceremony is 
> the accepted method.  A sufficient set of people from a sufficient set of 
> places.  Needed to initiate key assignment, revoke, restore, etc.

Setting aside whether this is a good idea for the root zone specifically
(I have many thoughts), why would such an approach be specific to the
root zone?

It seems the overarching concept is to implement technical mechanisms
that limit the ability for someone to administer a zone with extreme
deference to subordinate delegations. If that was a sound practice, I
would think a general purpose mechanism that is promoted at all levels
of the DNS should be considered rather than one specific to one zone.

kim

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to