[dnssec-key-tf] agreements on the use of the repository

Previous message: [dnssec-key-tf] agreements on the use of the repository

Next message: [dnssec-key-tf] physical meeting at RIPE 55- again!

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch
Fri Sep 7 15:30:44 CEST 2007

On Fri, Sep 07, 2007 at 02:15:20PM +0100, Jim Reid wrote:

> Peter what makes you think IANA can authenticate the TLD contact?  

please excuse my naïvety.

> their email about delegation matters. The whole process was much more  
> lightweight than getting the NCC to redelegate some chunk of in- 
> addr.arpa.

Yes, I know.  But IMHO there should at least be consistency, i.e. the TAR
should be fed by the same entity IANA believes to talk to when dealing with
other TLD matters.

> I think this key repository needs to have some sort of self- 
> authenticating bootstrap. ie IF you lodge some private key with the  
> repository AND there's a corresponding public key for that in the TLD  
> zone file THEN the repository trusts you. For some definition of trust.

Right, that's the necessary condition.  Our suggestion should include some
high level description of a technical check for the TA.
However, even if the TEL TLD were signed, _I_ should not be able to put
the TEL KSK into the TAR.

-Peter

Previous message: [dnssec-key-tf] agreements on the use of the repository

Next message: [dnssec-key-tf] physical meeting at RIPE 55- again!

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Dnssec-key-tf Archive ]