>> How much of the perceived problem is lack of signing by USG in your opin?

> icann can't make a change of this kind to the root zone without permission
> from a lot of people, definitely including its board and USG, probably
> including IAB or IESG, and possibly including its SSAC and RSSAC and GAC
> and ALAC committees. i don't know that USG is the last remaining
> approval, and for that matter i don't know if USG has been asked to
> approve anything.

Sorry, question incorrectly posed. How much of a perceived problem is
lack of signing of the root zone? IE if a magic wand was waved and the
root zone suddenly signed, how much of the problem would that fix? As
I think there may be other spells to cast which would give sufficient
band-aid without the root being signed (not involving ICANN or anyone
else signing the zone).

> suck though it may, we have to deploy dnssec. if icann can't sign the
> root zone then the TLDs and/or everybody else will have to make other
> arrangements, in which roy arends' DLVPTR work could be very important,
> or in which DLV could play a transition role. had we been able to bite,
> chew, and swallow dnssec, we could just use SIG(0) for stubs, and UDPPORT
> / QID predictability would not matter.

I think my question is then "is making other arrangements actually that
hard technically?..."

> i apologize for not making this case clearly enough when we launched DLV.
> i think most folks were so concerned about DLV being a power/glory grab
> that the merits and justifications and goals just didn't seem to register
> at all.

"... or does it boil down to a similar but different set of political
organisational problems to signing the root?"


to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.