On Tue, 09 Mar 2010, Wouter Wijngaards wrote: > Also +1 for the consensus analysis about signing: not on the path of > trust but still somewhat useful to do, but not add another TA for it.
I have not seen any consensus emerge one way or another regarding signing root-servers.net. Even after .net is signed (in Q4 2010), I don't believe it's a given that root-servers.net should be signed. There is definitely a trade-off between increased response size and the incremental benefits of signing that needs to be weighed and evaluated. The answer is not obvious (to me, anyway). Personally, I currently lean against signing it. Matt _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop