[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Paul Andersen paul at arin.net
Thu Oct 4 14:28:23 EDT 2018


I am personally fully committed to universal DNSSEC, and I believe  that this practice deleteriously affects all ARIN members, not just legacy ones. I hope that discussion on this list will indicate a clear community consensus, so that the board can ensure that staff act upon that input.



> On Oct 4, 2018, at 2:00 PM, Bill Woodcock <woody at pch.net> wrote:
>> On Oct 4, 2018, at 9:29 AM, Michael Sinatra <michael+ppml at burnttofu.net> wrote:
>> I have received word of an apparent change in ARIN operational policy...
>> ...no longer accepting DNSSEC DS records for reverse DNS for those resources that are not covered by RSA or LRSA.  This is a change from current operational practice, and it effectively disables the *community's* ability to validate reverse DNS for these holders.
> This is an unconscionable roll-back of a critical security feature of the Internet.  This cannot be allowed to move forward.
>                                -Bill
> _______________________________________________
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list