In message , David Conrad
writes:
> On Sep 10, 2009, at 12:36 PM, Edward Lewis wrote:
> >>> Still, what it is attempting to do is within limits.
> >> And within the limits of local policy, that's fine. What is simply
> >> broken
> >> is having that local policy have global impact.
> >
> > The
In message <89290757-1889-4cc1-9879-40115fd82...@virtualized.org>, David Conrad
writes:
> Stephane,
>
> On Sep 8, 2009, at 1:32 PM, Stephane Bortzmeyer wrote:
> > You use the plural but there is today only one DLV registry in active
> > use.
>
> I was told previously that there was more than on
On Thu, 10 Sep 2009, David Conrad wrote:
Again, I am not objecting to people using DLV. I think it is ucky, but that's
just me. What I am objecting to is the suggestion made here that _before a
TLD that has submitted its keys to the ITAR rolls its keys, it must notify
the (potentially multiple
On Sep 10, 2009, at 12:36 PM, Edward Lewis wrote:
Still, what it is attempting to do is within limits.
And within the limits of local policy, that's fine. What is simply
broken
is having that local policy have global impact.
The local policy of "trusting DLV" is not having a global impact,
At 12:03 -0700 9/10/09, David Conrad wrote:
On Sep 8, 2009, at 1:19 PM, Edward Lewis wrote:
Correct me if I'm wrong, but the architecture of DNSSEC assumed (rightly or
wrongly) a single hierarchical deployment model.
Ok, if I must. DNSSEC does not assume a single hierarchical deployment
mod
On Sep 8, 2009, at 1:35 PM, Stephane Bortzmeyer wrote:
Perhaps the solution is to not use DLV?
Sure, every DNS resolver sysadmin should follow the various trust
anchors (remember there are not only TLD) and update them when they
change. And you claim it would be operationally easier and safer th
Stephane,
On Sep 8, 2009, at 1:32 PM, Stephane Bortzmeyer wrote:
You use the plural but there is today only one DLV registry in active
use.
I was told previously that there was more than one. Perhaps this was
mistaken. In any event, I don't believe DLV was designed to be
monopolistic.
On Sep 8, 2009, at 1:19 PM, Edward Lewis wrote:
Correct me if I'm wrong, but the architecture of DNSSEC assumed
(rightly or
wrongly) a single hierarchical deployment model.
Ok, if I must. DNSSEC does not assume a single hierarchical
deployment model. [...] but it was not until RFC 3008 that