This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] Re: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
- Previous message (by thread): [dns-wg] Re: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
- Next message (by thread): [dns-wg] Re: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Koch
pk at DENIC.DE
Mon Feb 8 15:12:40 CET 2010
On Mon, Feb 08, 2010 at 09:01:23AM +0100, Stephane Bortzmeyer wrote: > Very bad idea because it does not scale: I, sysadmin of a validating > resolver, certainly cannot go to 42 different https Web pages to > extract the one and only authoritative information. well, this may not lead anywhere useful. If you "cannot" make the conscious decision to configure and maintain a set of trust anchors, then there's a variety of options, including "do nothing". This WG has made a statement regarding the unsolicited inclusion of trust anchors in "some" distribution mechanisms in the past and there was also the list of requirements for TARs, which included prior consent of the party responsible for the KSK/TA. Unfortunately, helpful deployment initiatives have turned into obstacles more than once. -Peter
- Previous message (by thread): [dns-wg] Re: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
- Next message (by thread): [dns-wg] Re: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]