[GTER] FW: .mil DNSSEC operational message
Rubens Kuhl
rubensk at gmail.com
Wed Sep 7 16:25:54 -03 2011
On Wed, Sep 7, 2011 at 4:00 PM, Cassell, James D CIV DISA NS233
<jcassell at nic.mil> wrote:
>
> The United States Department of Defense (DoD) has authorized the DoD Network
> Information Center (NIC) to sign the .mil zone using DNSSEC. The DoD NIC
> will sign the .mil zone using a phased implementation plan that will span a
> three (3) month period.
>
> The first phase will consist of signing the .mil zone with an unvalidatable
> key, similar to the method used to initially sign several other gTLDs, as
> well as the root zone.
>
> During the second phase, the .mil zone will be signed using a validatable
> key. However, this key will not be released to IANA for inclusion in the
> root zone until an operational test and assessment have been completed.
> Essentially, the .mil domain will remain an island (for DNSSEC purposes)
> during this phase.
>
> The third and final phase will consist of submitting the .mil key to IANA
> for publication in the Internet root zone to allow Internet-wide validation
> of .mil DNS responses.
>
> Tentative timeline to a signed .mil zone:
> Sep 14-Sep 18 .mil zone signed with an unvalidatable key
> Sep 19-Dec 11 .mil zone signed with an unpublished, validatable key
> Dec 12 .mil zone signed, and its DS record is included in the root
> zone
>
> This rollout is expected to be transparent to the Internet user community,
> however, if there are issues during this period, please contact the DoD NIC
> at 1-800-365-3642; +1 614-692-2708.
>
> Thank you,
> DoD NIC Administration
>
More information about the gter
mailing list