[DNS] Fwd: .com/.net DNSSEC operational message

[DNS] Fwd: .com/.net DNSSEC operational message

From: Ben McGinnes <ben§adversary.org>
Date: Sat, 30 Oct 2010 01:54:35 +1100
Hello,
	Some nice big news for .com and .net.  So ... when is .au
going to make the same leap?


Regards,
Ben


-------- Original Message --------
Subject: .com/.net DNSSEC operational message
Date: Fri, 29 Oct 2010 10:47:24 -0400
From: Matt Larson <mlarson&#167;verisign.com>
To: nanog&#167;nanog.org

Over the next several months, VeriSign will deploy DNSSEC in the .net
and .com zones.  This message contains operational information related
to the deployment that might be of interest to the Internet
operational community.

The .net DNSSEC deployment consists of the following major milestones:

September 25, 2010: The .net registry system was upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.net.  These DS records will not be published in the .net zone until
the .net zone is actually signed.  Each registrar will implement
support for DNSSEC on its own schedule, and some registrars might be
accepting DS records for .net domains now.

October 29, 2010: A deliberately unvalidatable .net zone will be
published.  Following the successful use of this technique with the
root DNSSEC deployment, VeriSign will publish a signed .net zone with
the key material deliberately obscured so that it cannot be used for
validation.  Any DS records for .net domains that have been submitted
by registrars will be published in the deliberately unvalidatable
zone.

December 9, 2010: The .net key material will be unobscured and the
.net zone will be usable for DNSSEC validation.  DS records for .net
will appear in the root zone shortly thereafter.


The .com DNSSEC deployment will occur in the first quarter of 2011 and
will consist of the following major milestones:

February, 2011: The .com registry system will be upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.com.  These DS records will not be published in the .com zone until
the .com zone is actually signed.

March, 2011: A deliberately unvalidatable .com zone will be published.
Any DS records for .com that have been submitted by registrars will be
published in the deliberately unvalidatable zone.

March, 2011: The .com key material will be unobscured and the .com
zone will be usable for DNSSEC validation.  DS records for .com will
appear in the root zone shortly thereafter.


If you have any questions or comments, please send email to
info&#167;verisign-grs.com or reply to this message.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cynosure.com.au/mailman/private/dns/attachments/20101030/454b6a8e/attachment.pgp>
Received on Fri Oct 29 2010 - 07:54:35 UTC

This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:10 UTC