In message <[email protected]>, Matt Larson writes : > On Tue, 09 Mar 2010, Wouter Wijngaards wrote: > > Also +1 for the consensus analysis about signing: not on the path of > > trust but still somewhat useful to do, but not add another TA for it. > > I have not seen any consensus emerge one way or another regarding > signing root-servers.net. > > Even after .net is signed (in Q4 2010), I don't believe it's a given > that root-servers.net should be signed. There is definitely a > trade-off between increased response size and the incremental benefits > of signing that needs to be weighed and evaluated. The answer is not > obvious (to me, anyway). Personally, I currently lean against signing > it.
I would sign it at the DURZ stage so that you weed out the sites that will have problems at this stage with large priming queries not later. > Matt > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
