At Wed, 17 Mar 2004 14:47:15 +1100, Mark Andrews wrote:
> At Mon, 15 Mar 2004 10:07:23 -0800, Alain Durand wrote:
> >
> > I too would like to see the reverse tree DNS being
> > delegated. However, as there is no structure, the entire /8 to /48
> > address space would have to be within one single zone...  I'm
> > afraid we are going to create a monster zone that will be very
> > difficult to sign with DNSsec.
> 
>       No it doesn't have to be within one zone.  You can split
>       the namespace between as many zones / servers as are required
>       to make the job manageable.

Furthermore, the signed unit in DNSSEC is an RRset, so it's almost
always possible to sign incrementally (even during an emergency key
rollover, if one has the foresight to generate spare keys and
signatures in advance).

>       How this is done really should be left to the authority
>       which is managing the space.

Unsurprisingly, I agree.

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
