On Thu, 21 Aug 2008, David Conrad wrote: > Now, I've always thought a separate root infrastructure that you had > to opt in to would be a good way to go, but this quickly gets bogged > down in extremely annoying (at least to me) layer 9 politics and I'll > let someone else try to push that boulder up the mountain this time > (Who me? Bitter? Never).
I think a separate test infrastructure is a not just a "good way to go" but absolutely essential to properly test DNSSEC in the root. The root zone is the most important one and any idea that we'd just sign the root zone and hope for the best is madness and reckless. The discussion in this thread regarding DO makes this point better than I ever could. I don't believe the politics of a separate infrastructure in which to deploy a signed root that would generate enough traffic to get a feel for a signed root's impact are insurmountable and I am not only happy to start pushing boulder, I've already begun. Matt _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
