On 15 Dec 2017, at 11:24, Matt Larson <[email protected]> wrote: >> On Dec 15, 2017, at 10:37 AM, Joe Abley <[email protected]> wrote: >> >> In practical terms anybody who has a non-root trust anchor installed has a >> bidirectional operational relationship with the people who publish it. >> Synchronising that trust anchor, with the glorious benefit of a full list of >> relying parties and knowledge of how to interact with them, is a far cry >> from the situation we find ourselves in with the root zone. > > I'm not convinced that even in the scenario you describe the trust anchor > publisher could really count on knowing all the relying parties. And even if > they did, a mechanism to give visibility would still be desirable, even in > that controlled situation.
That seems fair. I was definitely speaking from a set of personal assumptions without any data; it's certainly possible that non-root trust anchors are widely deployed, however much I haven't seen it. Joe _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
