[dns-wg] What about the last mile, was: getting DNSSEC deployed
Lutz Donnerhacke lutz at iks-jena.de
Fri Feb 16 09:24:33 CET 2007
* Roy Arends wrote: > Note that with end user validation, and well established methods to update > the end users' certificate store, we might be well on our way. > > See also: http://dnss.ec/blog/?p=10 IBTD. You can run a caching validating on your own system. If you do not want this, you have to use a stub resolver. A stub resolver means, that you have a established link to an authenitcated resolver. This resolver has to do the DNSSEC validation. If your application want's to validate DNSSEC itself, ther exists a request format to get the responses unvalidated. Following this proposal in the blog, DNSSEC is dead.
[ dns-wg Archives ]