Skip to main content

IAB to IANA – Request to IANA for status update on deployment of DNSSEC on IANA managed zones, 15 May 2006
statement-iab-2006-05-15-iab-request-to-iana-to-sign-dnssec-zones-00

Document Type IAB Statement
Title IAB to IANA – Request to IANA for status update on deployment of DNSSEC on IANA managed zones, 15 May 2006
Published 2006-05-15
Metadata last updated 2023-08-09
State Active
Send notices to (None)
statement-iab-2006-05-15-iab-request-to-iana-to-sign-dnssec-zones-00

Subject: DNSSEC on IAB related zones

Date: Tue, 9 May 2006 21:41:05 +0200

To: iana@iana.org

Cc: IAB <iab@iab.org>,

David Conrad <david.conrad@icann.org>

Dear David Conrad,

DNSSEC is a technology that has taken numerous years to develop and is now in early production deployment. The IAB is an administrative contact for a number of zones and we feel that we have an “example role” in deployment of IETF technology. There are a number of zones for which IANA is the technical and the IAB is administrational contact (.arpa, ip6.arpa, uri.arpa, and urn.arpa). We think that early introduction of DNSSEC on these zones, e.g. this calendar year, would provide incentive to third parties to also sign their zones and therefore might encourage further DNSSEC deployment. On the other hand we consider the maintenance of DNSSEC secured zones a purely technical issue in which the administrative contact has little say. Therefore please consider this mail as a request for a status update on steps taken on deployment of DNSSEC.

on behalf of the IAB,

–Olaf Kolkman

Olaf M. Kolkman

NLnet Labs

http://www.nlnetlabs.nl/

2nd ——————————————————————

From: David Conrad <david.conrad@icann.org>

Subject: Re: DNSSEC on IAB related zones

Date: Tue, 9 May 2006 13:44:10 -0700

To: “Olaf M. Kolkman” <olaf@NLnetLabs.nl>

Cc: IAB <iab@iab.org>

Dear Olaf,

I’m happy to provide a status update: we’ve thought about it but haven’t done anything as yet. However, we take this note as a statement by IAB that we should do more than think about it. What zones does IAB wish signed? Does IAB wish a role in the signing process? There are a bunch of other details that IANA can either make up on our own (e.g., key lifetime, a key per zone or one key for all IAB zones, etc.) or ask for you all. Will IAB designate someone to work with us as we figure out what we need to do to sign the appropriate zones?

Regards,

David Conrad

General Manager, IANA

3rd ——————————————————————

From: Olaf M. Kolkman <olaf@NLnetLabs.nl>

Subject: Re: DNSSEC on IAB related zones

Date: Mon, 15 May 2006 09:00:16 +0200

To: David Conrad <david.conrad@icann.org>

Dear David,

You wrote:

I’m happy to provide a status update: we’ve thought about it but

haven’t done anything as yet. However, we take this note as a

statement by IAB that we should do more than think about it. That is appreciated.

What zones does IAB wish signed?

All zones for which IAB has administrative and IANA has technical responsibility. These are: .arpa, ip6.arpa, uri.arpa and urn.arpa. Besides those zones there is will be a new zone based on a document currently in the RFC editor queue; iris.arpa. > Does IAB wish a role in the signing process? DNSSEC provides a cryptographic means for a receiver to check that the data received is the same data as was placed in the zone by the zone maintainer. Since IANA is the zone maintainer I would like us to treat DNSSEC as a purely technical issue which is completely managed by the “technical contact”

There are a bunch of other details that IANA can either make up on

our own (e.g., key lifetime, a key per zone or one key for all IAB

zones, etc.) or ask for you all. Will IAB designate someone to

work with us as we figure out what we need to do to sign the

appropriate zones?

The IAB entrusts IANA to work out the details and does not see a formal role except, perhaps, in the area of key-exchange between child and parent. This happens anywhere where DS RRs are to appear in IANA managed e.g in arpa for the e164, in-addr, iris, etc zones but also in iris.arpa for its children. This is an area where there are ‘administrational’ aspects and we probably need to work out some of the details. Obviously I’d be more than happy to act as an (informal) technical sparring partner and a formal interface to the IAB.

–Olaf