This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] revised text for NTIA response - v4
- Previous message (by thread): [dns-wg] revised text for NTIA response - v4
- Next message (by thread): [dns-wg] revised text for NTIA response - v4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Florian Weimer
fweimer at bfk.de
Thu Nov 6 12:06:30 CET 2008
> 10. The organization that generates the root zone file must sign the > file and therefore must hold the private part of the zone signing key. > > or > > 10. The organization that generates the root zone file must have > unfettered access to the zone signing key components. The second version seems to exclude storing the ZSK in an HSM. The first version is more ambiguous. In both cases, I don't quite see what the statement is supposed to mean. Does it advise against the introduction of yet another layer of indirection, by requiring that the organization which makes the final, technical content decision on the root zone (the "generator") also creates the digital signatures? -- Florian Weimer <fweimer at bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
- Previous message (by thread): [dns-wg] revised text for NTIA response - v4
- Next message (by thread): [dns-wg] revised text for NTIA response - v4
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]