Joe Abley <joe.abley@ican...> wrote:
> Since these are all junk domains of no global significance, it's hard to
> see how they could be signed. The expectation is (as currently) that
> they would not be.
And rightly so.
Since it is normal (especially for the RFC1918 zones) for sites to have
local versions of the zones, it is much easier operationally if the zones
are not signed. If they are signed then any site that overrides them would
have to distribute trust anchors to all validators, so that they are able
to resolve the local names without rejecting them as bogus. If the AS112
zones are not signed then distributing trust anchors for local versions is
optional, depending on whether the site wants to bother validating them.