It seems I misunderstood you. I thought the TLD-level you were speaking of, referred to the TLD zones. Signing of the root zone is certainly easy. On Tue, 18 Jan 2005, at 16:18 [=GMT-0500], Milton Mueller wrote: > Marc: > Not quite sure whether a TLD wouild have helped panix yet, but I do > know that your analysis of Verisign and DNSSEC is not correct. The > reason DNSSEC cannot be implemented for .com is because there are so > many (tens of millions) of domain names in it. The processing > requirements of DNSSEC applied to that scale is a major problem. > > But the root zone, which contains TLD, does not now and never will > contain millions of records. > > >>> Marc Schneiders <[log in to unmask]> 1/18/2005 2:29:29 PM >>> > On Tue, 18 Jan 2005, at 12:04 [=GMT-0500], Milton Mueller wrote: > > > This incident underscores one of the reasons why ICANN should have a > > policy of regularly adding TLDs to make them available for those who > > need and can operate them. > > Though I agree about adding more TLDs, I don't see how it helps in > hijacking domains. > > > Businesses and noncommercial services that depend entirely on a > domain > > name may want to have the option of owning, rather than "renting," > their > > domain in order to increase security. > > Maybe we can learn something from the trade mark people here as > regards ownership of something that can also become defunct, if you > don't use it? > > > According to my imperfect > > understanding, it is easier to implement DNSSEC at the TLD level than > at > > the SLD level. > > I have little understanding of DNSSEC too. I do understand enough > about it, I think, to know that it would not have helped panix.com. > Also the implementation is most difficult precisely at the TLD level. > An engineer from VeriSign is the one who has time and again pointed > out (on IETF mailing lists, when I still had time to read them) that > the present protocol is impossible for a zone the size of .com. It > would take ages and a very, very powerful machine to sign it. > > Marc Schneiders > >