QR of root DS
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5  

To whom it may concern:

    The Domain Name System (DNS) -- the integral, critical part of the Internet's infrastructure that converts human-readable names to the information required for computers to communicate -- was designed in a kinder, gentler time.   It was a time free of cache poisoning, man-in-the-middle, and injection attacks.   That innocence has been lost and DNS-based attacks are a daily occurrence.   Sign the root. Thank you for signing the root.

    The technology to cryptographically verify the validity of DNS data exists.   Adoption is being hindered by the lack of a signed hierarchy.   Top-Level Domains (TLDs) that are signed are less likely to be verified without a signed root and other TLDs find this reason enough not to be signed.   Sign the root. Thank you for signing the root.

    DNS Security (DNSSEC) is an Internet standard defined by a set of RFCs.   Every major implementation of DNS server and recursive resolver software either already supports the complete set of RFCs or will do so shortly.   Sign the root. Thank you for signing the root.

    DNSSEC is not a panacea.  It will not stop all attacks, including denial of service attacks, any more than a life preserver will stop a bullet or a bicycle helmet will protect against a heart attack.  However, that is no reason not to use all of the technologies at our disposal to stop as many types of attacks as possible.   Sign the root. Thank you for signing the root.

    The root zone -- the list of Top Level Domains and associated records -- is small.   The resources required to sign the root are minimal.  Best practices are are well understood and operational procedures are actively being being tested by ICANN/IANA.   Sign the root. Thank you for signing the root.

    DNSSEC is international and has the backing of many countries, some of which have already signed their TLDs.   DNSSEC is also promoted by organizations that understand the need to protect both the global DNS and their slice of it, including the US Office of Management and Budget, US National Institute of Standards and Technology, and the US Departments of Homeland Security and Defense.   Sign the root. Thank you for signing the root.  

    The inertia that keeps the root from being signed is just that, inertia.   The technical and political ramifications have been discussed in public fora for years and it is clear that signing the root will neither change the existing underpinnings of the DNS management nor prevent it from changing in the future as it might without DNSSEC.   Sign the root. Thank you for signing the root.

    Now it is time to get all of the Top Level Domains, registrars, ISPs, and operating system and application vendors on board!

        Sincerely,

            Concerned Internet Users