Jobs for the Boys: DHS and the Root Zone
The Department of Homeland Security have a spec for signing the root. I’m sure they didn’t intend it to be (given the “NOT FOR FURTHER DISTRIBUTION” notice), but it is publicly available in a mailing list archive. In this spec they include the staffing requirements, which come to an astonishing 20 full-timers. Yes, 20 people to sign a zone that is currently 2,470 entries, for 1,193 names (most of which are glue) delegating a whole 265 domains.
Another part I find amusing (OK, I’m easily amused) is section 7.6 “Non-Scheduled Operations”.
A change in the KSK [Key Signing Key – the key everything else depends on] on the other hand takes a longer time as the new KSK has to be configured into resolvers all over with a world which can only take place after the operators of the resolvers have been convinced that the new KSK is valid.
So, “takes a longer time” is one way of putting it. Takes forever would be, perhaps, more accurate. I have a much better solution for this. But I guess it won’t be popular since it clearly makes the root redundant, and I’m sure ICANN, the DHS and the Department of Commerce wouldn’t like that. On the other hand, I think making the root irrelevant would fix a huge pile of stupidity that’s currently going on. And that would be a Good Thing.