Hello, Some nice big news for .com and .net. So ... when is .au going to make the same leap? Regards, Ben -------- Original Message -------- Subject: .com/.net DNSSEC operational message Date: Fri, 29 Oct 2010 10:47:24 -0400 From: Matt Larson <mlarson§verisign.com> To: nanog§nanog.org Over the next several months, VeriSign will deploy DNSSEC in the .net and .com zones. This message contains operational information related to the deployment that might be of interest to the Internet operational community. The .net DNSSEC deployment consists of the following major milestones: September 25, 2010: The .net registry system was upgraded to allow ICANN-accredited registrars to submit DS records for domains under .net. These DS records will not be published in the .net zone until the .net zone is actually signed. Each registrar will implement support for DNSSEC on its own schedule, and some registrars might be accepting DS records for .net domains now. October 29, 2010: A deliberately unvalidatable .net zone will be published. Following the successful use of this technique with the root DNSSEC deployment, VeriSign will publish a signed .net zone with the key material deliberately obscured so that it cannot be used for validation. Any DS records for .net domains that have been submitted by registrars will be published in the deliberately unvalidatable zone. December 9, 2010: The .net key material will be unobscured and the .net zone will be usable for DNSSEC validation. DS records for .net will appear in the root zone shortly thereafter. The .com DNSSEC deployment will occur in the first quarter of 2011 and will consist of the following major milestones: February, 2011: The .com registry system will be upgraded to allow ICANN-accredited registrars to submit DS records for domains under .com. These DS records will not be published in the .com zone until the .com zone is actually signed. March, 2011: A deliberately unvalidatable .com zone will be published. Any DS records for .com that have been submitted by registrars will be published in the deliberately unvalidatable zone. March, 2011: The .com key material will be unobscured and the .com zone will be usable for DNSSEC validation. DS records for .com will appear in the root zone shortly thereafter. If you have any questions or comments, please send email to info§verisign-grs.com or reply to this message. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 259 bytes Desc: OpenPGP digital signature URL: <http://lists.cynosure.com.au/mailman/private/dns/attachments/20101030/454b6a8e/attachment.pgp>Received on Fri Oct 29 2010 - 07:54:35 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:10 UTC