This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Previous message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Next message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Olaf M. Kolkman
olaf at ripe.net
Wed Jul 6 09:44:04 CEST 2005
On Tue, 5 Jul 2005 15:28:50 -1000 Randy Bush <randy at psg.com> wrote: > hi olaf, > > for us simple-minded folk who do not track dnssec details, could > you tell us what trusted key(s) we will have to load to securely > verify the signed zones? and is there an idiot's howto? > Hello Randy, [Moved the discussion to dns-wg only, apologies for not setting the reply-to header] In the absence of a signed parent domain the trusted-keys will be made available through a secured web page. The keys will only be made available after we start signing the zone in production. Also see the last part of: http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html For a howto on to configure a validating server see: http://www.ripe.net/projects/disi/dnssec_howto/ or: http://www.ripe.net/projects/disi/dnssec_howto/dnssec_howto.pdf I hope this answers your question. -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC
- Previous message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Next message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]