> This DNSSEC Practice Statement (“DPS”) is a statement of security practices and provisions made by the Canadian Internet Registration Authority (CIRA). These practices and provisions are applied in conjunction with DNS Security Extensions (DNSSEC) in the Canadian country-code Top Level Domain (ccTLD), .CA.
> This DPS conforms to the template included in RFC 6841 . The approach described here is modelled closely on the corresponding procedures published in a corresponding DNSSEC Policy and Practice Statement published by .SE (The Internet Infrastructure Foundation) for the Swedish top-level domain, whose pioneering work in DNSSEC deployment is acknowledged.
To provide a means for stakeholders to evaluate the strength and
security of the DNSSEC chain of trust, an entity operating a DNSSEC-
enabled zone may publish a DNSSEC Practice Statement (DPS),
comprising statements describing critical security controls and
procedures relevant for scrutinizing the trustworthiness of the
system. The DPS may also identify any of the DNSSEC Policies (DPs)
it supports, explaining how it meets their requirements.
.au, .us, .com, .net, .gov, .io, etc all have the same challenges.