On Tue, Jun 13, 2006 at 10:27:49AM -0700, Randy Bush wrote:
if other non-delegators run dlv services, they will have the same issues.
Absolutely.
and if you are a delegator, why play dlv as you can directly sign?
I think Paul answered this question (it's because of the way DNSSEC-bis proves non-existence). I basically can't answer your other questions. I don't know the answers to most of them and don't want to guess at the others. And as for IANA applicability, I guess I'll have to give up and defer to you and DRC. It still sounds wonky to me that you would operate the root's authentication chain out-of-band like a DLV registry when in-band seems so much more useful and reliable. But clearly I don't know enough about the root's (scary) problems.
when charles mussisi flies from kampala to redwood city,
I think our staff in Europe are closer to Kampala than 950 Charter, and I assume at least one of them would be authorized, and I assume that there are some events somewhere that both Mr. Mussisi and some authorized member of our staff are likely to both attend. But if you would like to imagine for a moment that we actually require people to meet us in a faraday cage embedded 30 feet under the Arctic ice in an undisclosed location - just take a metal detector with you and knock on the ice when you think you've found us - then which of Paul's list of 5 other options would you prefer? Or is there a 6th? How soon can you start? That's an important open question in this dialogue. -- David W. Hankins "If you don't do it right the first time, Software Engineer you'll just have to do it again." Internet Systems Consortium, Inc. -- Jack T. Hankins