I hadn't been thinking there were other zones that might be subject to similar pressures. That said, if the demand is larger than I have been thinking of, so much the better. One criticism of creating a tamperproof (root) zone update system is the technology and operational realities of bespoke tamperproof hardware is trickier than it looks. A market of more than one will help support climbing up the learning curve.
Steve Sent from my iPhone > On Nov 13, 2025, at 2:17 PM, John R Levine <[email protected]> wrote: > On Thu, 13 Nov 2025, Kim Davies wrote: >> It seems the overarching concept is to implement technical mechanisms >> that limit the ability for someone to administer a zone with extreme >> deference to subordinate delegations. If that was a sound practice, I >> would think a general purpose mechanism that is promoted at all levels >> of the DNS should be considered rather than one specific to one zone. > > You have a point. I could see it being useful in a situation where you're > more worried about incompetence than malice. No, I don't care what that > consultant told you, you don't get to change this part of our DNS unless we > sign it with *our* key. > > R's, > John _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
