On Tue, Jan 14, 2014 at 01:54:56PM -0500, Joe Abley wrote:

> It's interesting to see that what was actually built in 2009/2010 is
> largely compatible (at the high-level diagram level) with what was
> proposed

I thought that was interesting too.

> However, each RKO you add increases the operational risk that an SKR
> from that RKO might not be obtained within the required window,
> which puts zone publication in jeopardy.

Good point.  I think the idea is that this is a feature, because it's
supposed to be the Mutually-Assured Destruction threat that will
prevent the USG from unilaterally removing some country from the root
zone (that seems to be the threat people are worried about.  Why is
left as an exercise for the reader.  Note that I do not promise there
is a solution to this exercise).

> [If validators took the approach of installing trust anchors from
> each and every RKO to mitigate this possibility, then they are
> effectively saying "I'm happy so long as at least one RKO is happy
> even if all the others are deeply miserable", which doesn't sound
> like it achieves the document's objectives.]

It _might_, if the idea were instead that validators used n of m.  Ben
Laurie had a not-completely-dissimilar idea for root TA distribution
entered in the "rollover" competition back in 2006 or so.  See
http://tools.ietf.org/html/draft-laurie-dnssec-key-distribution-02.

Thanks for the observations, which I think are quite helpful.

A

-- 
Andrew Sullivan
a...@anvilwalrusden.com
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
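
The n-of-m validator policy raised in the message above, as an added sketch that is not part of the original thread and is not the scheme from draft-laurie-dnssec-key-distribution. It assumes three hypothetical RKOs with constructed keys and zone contents, and HMAC-SHA256 stands in for DNSSEC public-key signatures so that it runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed trust anchors for three hypothetical RKOs (assumption, not real keys).
# HMAC-SHA256 is a stand-in for DNSSEC signature verification.
ANCHORS = {"rko-a": b"key-a", "rko-b": b"key-b", "rko-c": b"key-c"}

def sign(rko, zone, keys=ANCHORS):
    """Produce the stand-in signature of one RKO over the zone bytes."""
    return hmac.new(keys[rko], zone, hashlib.sha256).digest()

def valid_signers(zone, sigs, anchors=ANCHORS):
    """Return the set of configured RKOs whose signature over zone verifies."""
    ok = set()
    for rko, sig in sigs.items():
        key = anchors.get(rko)  # signatures from unknown RKOs are ignored
        if key is None:
            continue
        expected = hmac.new(key, zone, hashlib.sha256).digest()
        if hmac.compare_digest(sig, expected):
            ok.add(rko)
    return ok

def accept(zone, sigs, n, anchors=ANCHORS):
    """n-of-m policy: accept when at least n distinct anchors verify."""
    if not 1 <= n <= len(anchors):
        raise ValueError("n must be between 1 and the number of anchors")
    return len(valid_signers(zone, sigs, anchors)) >= n

def scenarios():
    """Evaluate every threshold n against the two cases discussed in the thread."""
    good = b"root zone, serial 2014011400 (constructed)"
    altered = b"root zone with one delegation removed (constructed)"
    m = len(ANCHORS)
    # Case 1: a single RKO signs an altered zone on its own.
    unilateral = {"rko-a": sign("rko-a", altered)}
    # Case 2: the genuine zone, but rko-c's signature did not arrive in time.
    late = {r: sign(r, good) for r in ("rko-a", "rko-b")}
    return {
        "unilateral": {n: accept(altered, unilateral, n) for n in range(1, m + 1)},
        "one_late": {n: accept(good, late, n) for n in range(1, m + 1)},
    }

if __name__ == "__main__":
    for case, by_n in scenarios().items():
        print(case, by_n)
```

With n = 1 the altered zone is accepted on one RKO's signature, with n = m a single late signature fails validation of the genuine zone, and only the intermediate threshold rejects the first case while tolerating the second.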
