On 19-04-11 18:48, Paul Wouters wrote:
> On Tue, 19 Apr 2011, Marc Lampo wrote:
>
>> The average company does not offer hundreds of services on hundreds of IP
>> addresses.
>
> -1 for this recommendation. TLDs are not that special in size.

I agree with Paul here. There are enough large zones out there that are not a TLD, but on a deeper level in the DNS. And they are just as important. There is no judgment to be made about importance.

You just look at zone size, and the decision to use double-DS or double-signature should be made on the operational impact.

For a small zone, double-signature may have almost the same impact as double-DS, and in that case a faster rollover with less parent interaction (double-signature) may be preferred.

For a larger zone, the increase in size may not be neglected, and more parent interaction in the double-DS rollover may be preferred over the larger zone file.

And again, if the rollover includes a change of DNS operator, Double-DS is the only way to go if you want to stay secure.

-- 
Antoin Verschuren
Technical Policy Advisor
SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands
P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970
mailto:[email protected] xmpp:[email protected]
http://www.sidn.nl/

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
