[dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Previous message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Next message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Olaf M. Kolkman
olaf at ripe.net
Wed Jul 6 09:44:04 CEST 2005
On Tue, 5 Jul 2005 15:28:50 -1000 Randy Bush <randy at psg.com> wrote: > hi olaf, > > for us simple-minded folk who do not track dnssec details, could > you tell us what trusted key(s) we will have to load to securely > verify the signed zones? and is there an idiot's howto? > Hello Randy, [Moved the discussion to dns-wg only, apologies for not setting the reply-to header] In the absence of a signed parent domain the trusted-keys will be made available through a secured web page. The keys will only be made available after we start signing the zone in production. Also see the last part of: http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html For a howto on to configure a validating server see: http://www.ripe.net/projects/disi/dnssec_howto/ or: http://www.ripe.net/projects/disi/dnssec_howto/dnssec_howto.pdf I hope this answers your question. -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC
- Previous message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
- Next message (by thread): [dns-wg] Re: [db-wg] DNSSEC deployment on the reverse tree.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]