In message <[email protected]>, Chris Thom pson writes: > We have had at least one person from ISC in the past saying they won't be > in any hurry to get rid of dlv.isc.org just because the root is signed. > [I'll try and find the reference(s) if anyone doubts that.] No doubt > they will stop importing the IANA ITAR into it at some stage, though.
I'll leave that for the DLV program manager. One should note that until a validator is upgraded to support SHA2 signatures that it will still need the DLV entries for the TLDs as the root will remain unsigned as far as that validator is concerned. > There's an interesting technical question about DLV in this context, by > the way. Would a DLV rrset at the apex (e.g. for dlv.isc.org) work as > a substitute for an explicit root zone trust anchor? Yes. Why would anyone think otherwise? Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
