This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC trust anchors for unsigned zones
Jim Reid
jim at rfc1035.com
Wed Jan 30 12:00:38 CET 2008
On Jan 30, 2008, at 10:34, Alexander Gall wrote:

> The current set of trust anchors distributed by RIPE NCC includes
> the domains
>
>   disi.nl example.net pwei.net
>
> None of these currently have any DNSSEC resource records (i.e. they
> are insecure), which effectively breaks those zones for everybody who
> uses that particular set of trust anchors.

Doesn't everyone check any third party's trust anchors before configuring them into their secure resolvers?

> I guess it would be more prudent for RIPE NCC to only distribute
> the keys for their own zones

Indeed. Can someone from the NCC please explain why these keys (which appear to have nothing to do with the NCC) are present? I think it's also regrettable that this file seems to mix keys that are presumably for experimental purposes -- testing in the likes of example.net (say) -- with operational ones.

Thanks for catching this, Alex. You've given an extra requirement for the Trust Anchor Repository Task Force to consider.
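
The pre-configuration check discussed in this message, as an added example that is not part of the original post or any RIPE NCC tooling: it compares each trust anchor against the DNSKEY RRset the zone publishes and flags anchors for zones with no DNSSEC records. It assumes anchors in BIND `trusted-keys` syntax; the zone names, key material and the `OBSERVED` table (a stand-in for live DNSKEY lookups) are constructed.

```python
import base64, re

# Constructed sample data: zone names and key material are made up, not real keys.
ANCHORS = '''
trusted-keys {
    "signed.example."   257 3 5 "AQIDBA==";
    "unsigned.example." 257 3 5 "BQYHCA==";
    "rolled.example."   257 3 5 "CQoLDA==";
};
'''
# DNSKEY RRsets as a lookup would return them (constructed); [] = no DNSSEC records.
OBSERVED = {
    "signed.example.":   [(257, 3, 5, "AQIDBA==")],
    "unsigned.example.": [],
    "rolled.example.":   [(257, 3, 5, "DQ4PEA==")],
}
ENTRY = re.compile(r'"([^"]+)"\s+(\d+)\s+(\d+)\s+(\d+)\s+"([^"]+)"\s*;')

def parse_anchors(text):
    # Returns (zone, flags, protocol, algorithm, base64 key) per trusted-keys entry.
    return [(z.lower(), int(f), int(p), int(a), k) for z, f, p, a, k in ENTRY.findall(text)]

def key_tag(flags, proto, alg, key_b64):
    """RFC 4034 Appendix B key tag (for algorithms other than 1)."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + base64.b64decode(key_b64)
    ac = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def audit(anchors, observed):
    report = {}
    for zone, flags, proto, alg, key in anchors:
        want = (flags, proto, alg, base64.b64decode(key))
        have = {(f, p, a, base64.b64decode(k)) for f, p, a, k in observed.get(zone, [])}
        if not have:
            status = "unsigned"   # the case in this thread: anchor for an insecure zone
        elif want in have:
            status = "ok"         # anchor matches a key the zone publishes
        else:
            status = "mismatch"   # zone publishes DNSKEYs, but not this one
        report[zone] = (status, key_tag(flags, proto, alg, key))
    return report

if __name__ == "__main__":
    for zone, (status, tag) in audit(parse_anchors(ANCHORS), OBSERVED).items():
        print(f"{zone:20} tag={tag:<6} {status}")
```

Only anchors reported as `ok` are candidates for the resolver configuration; `unsigned` and `mismatch` entries need to be resolved with the zone operator first.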