The National Telecommunications and Information Administration set a deadline of next week for receiving comments from industry and academia about how best to roll out DNSSEC on the DNS root zone. The IETF's sister organization -- the Internet Architecture Board -- submitted a comment this week to the NTIA offering suggestions for speedy and successful deployment of DNSSEC on the root servers.
Getting the root signed is the "800-pound gorilla in the middle of the room," says IETF participant Paul Hoffman, an Internet security expert who sent a comment to the NTIA "Let's say the root is signed tomorrow. Let's say all the important top-level domains are signed. It's still no good unless all of the domains are signed. You can't just deploy DNSSEC. You have to deploy it universally."