This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] DNSSEC trust anchors for unsigned zones
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Wed Jan 30 13:37:16 CET 2008
On Jan 30, 2008, at 12:10, Joao Damas wrote: >> Doesn't everyone check any third party's trust anchors before >> configuring them into their secure resolvers? > > Sometimes. At other times I place trust in registries that do this > for me (eg a DLV registry that I find I can trust). IMO Joao a DLV is a trust anchor. Sort of. :-) What I really meant by trust anchor was "something you stick in a config file to tell a resolver what keys to use for DNSSEC validation". In BIND9, that would be a trusted-keys{} statement or a dnssec-lookaside clause.
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]