[LACNIC/Seguridad] Fwd: [dns-operations] .com/.net DNSSEC operational message
Carlos Martinez-Cagnazzo
carlosm3011 en gmail.com
Vie Oct 29 13:57:25 BRST 2010
Amigos,
comparto el timeline actual para la firma de las zonas .com y .net. Sin
lugar a dudas es un paso importante hacia la consolidacion del sistema de
DNS dado que son probablement las dos zonas genericas mas grandes.
slds,
Carlos
---------- Forwarded message ----------
From: Matt Larson <mlarson en verisign.com>
Date: Fri, Oct 29, 2010 at 12:46 PM
Subject: [dns-operations] .com/.net DNSSEC operational message
To: DNS-OARC DNS Operations <dns-operations en mail.dns-oarc.net>
Over the next several months, VeriSign will deploy DNSSEC in the .net
and .com zones. This message contains operational information related
to the deployment that might be of interest to the Internet
operational community.
The .net DNSSEC deployment consists of the following major milestones:
September 25, 2010: The .net registry system was upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.net. These DS records will not be published in the .net zone until
the .net zone is actually signed. Each registrar will implement
support for DNSSEC on its own schedule, and some registrars might be
accepting DS records for .net domains now.
October 29, 2010: A deliberately unvalidatable .net zone will be
published. Following the successful use of this technique with the
root DNSSEC deployment, VeriSign will publish a signed .net zone with
the key material deliberately obscured so that it cannot be used for
validation. Any DS records for .net domains that have been submitted
by registrars will be published in the deliberately unvalidatable
zone.
December 9, 2010: The .net key material will be unobscured and the
.net zone will be usable for DNSSEC validation. DS records for .net
will appear in the root zone shortly thereafter.
The .com DNSSEC deployment will occur in the first quarter of 2011 and
will consist of the following major milestones:
February, 2011: The .com registry system will be upgraded to allow
ICANN-accredited registrars to submit DS records for domains under
.com. These DS records will not be published in the .com zone until
the .com zone is actually signed.
March, 2011: A deliberately unvalidatable .com zone will be published.
Any DS records for .com that have been submitted by registrars will be
published in the deliberately unvalidatable zone.
March, 2011: The .com key material will be unobscured and the .com
zone will be usable for DNSSEC validation. DS records for .com will
appear in the root zone shortly thereafter.
If you have any questions or comments, please send email to
info en verisign-grs.com or reply to this message.
_______________________________________________
dns-operations mailing list
dns-operations en lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
--
=========================
Carlos M. Martinez-Cagnazzo
http://cagnazzo.name
=========================
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20101029/ddb9a81f/attachment.html>
Más información sobre la lista de distribución Seguridad