Educause Security Discussion mailing list archives

Re: DNSSEC & the .EDU domain


From: "Memisyazici, Aras" <arasm () VT EDU>
Date: Mon, 18 Aug 2008 02:32:03 -0400

Well who is going to pay for the staff and systems to do the signing?

Open-Source it to EDU only and make sure team members are 'yay' high. i.e.
Certifications, degree(s), experience etc etc.

The Google Summer of Code project proved that there are plenty of good eager programmers out there that want to make a name for themselves...

As far as HW goes... SCHEV funding maybe? Donations? Shared Pool (i.e. Want to use DNSSEC? Donate HW or money) *shrug*

How much is required for the number of zones in the .edu domain space?

How much what? Money? See above if so...

How long does it take?

Depends on how efficient the system is designed and operated...

Who holds the keys?

Current admins of the .edu domain have not done anything wrong to betray my trust personally :)

What are the methodologies for requesting a zone signing or resigning?

Somewhere between PCI and SSL strictness as far as scrutiny goes...

Do we allow anyone to login to a webpage to get their zone signed?

See above :)

What happens when a university password is used to get xyzzy.edu moved to servers in middle snorbtzia?

Whatever happens when an SSL cert gets stolen! *clutch hair & scream circle in panic etc* :p

j/k of course... Revoke the cert, revert the move, re-sign, ensure "good passphrases" are being utilized, ensure certain password safety security measures and move on! Put measures in place to ensure last 2 are enforced... *hint PCI-level hint*

Who pays for, writes, and completes the software for the extra confirmations?

See first answer...

In the end, we are an educational organization ppl... No need to make this any more bigger/meaner/complex'er than it needs to be... OS it, trust the 'right ppl', and move on :)

Sincerely,
Aras 'Russ' Memisyazici
Systems Administrator
Office of the Vice President of Research
Virginia Tech
