Domain Name System Security Extensions (DNSSEC) 4 April 2013

Report: Signed Root Deployment – Framing the Issues (DNSSEC Industry Coalition, 2009)

Report on issues with signing the DNSSEC rootIn April 2013, Steve Crocker circulated this report with the following comment:

In June 2009, a year before the root was signed, the DNSSEC Industry Coalition, led by PIR, and the DNSSEC Deployment Initiative, held a symposium, Signed Root Deployment: Framing the Issues, to look at possible consequences of signing the root and the next steps after it was signed.

We had an excellent symposium and drafted a report.  Sadly, we couldn’t quite complete the editing process, so the draft lay unpublished, incomplete, since then.

The concerns expressed during the symposium about the consequences of a much larger root zone are now well behind us.  However, the sections on key distribution and use and on key rollover remain relevant, which is why we are pushing this draft out at this late date.

We are posting the report here at Steve’s request to make it available to the larger community.

Related articles

Building Trust 1 October 2017


The Domain Name System (DNS), the Internet’s addressing system, is the most critical component of the Internet infrastructure. As...

Deploy360 3 April 2017

Introduction to PKIs & CAs

In order to be trusted, the Internet must provide channels for secure and private communication between entities, which can...

Domain Name System (DNS) 31 December 2016

State of DNSSEC Deployment 2016

This report provides a snapshot of the state of deployment of DNSSEC as of the end of 2016. Please download...