On Fri, 8 Sep 2006, Paul Vixie wrote:

> > This is not the case for RIPE (194.in-addr.arpa). RIPE uses e=3 for
> > both ZSK and KSK. Hence an emergency trust anchor roll is needed.
>
> i'd argue that if 194.in-addr.arpa is not registered a DLV registry and
> if in-addr.arpa is not itself signed, then the community of beneficiaries
> of 194's signedness is so small that this cannot be called an emergency.

More and more people will set up their own trusted keys. We don't need DLV
for that. I'd rather see RIPE test their emergency key rollover procedure
now, than have them wait for a 'real' threat when people actually depend on
its secure status.

Paul