This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] Re: [dnssec-deployment] [dns-wg] RE: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Previous message (by thread): [dns-wg] Re: [dns-wg] RE: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Next message (by thread): [dns-wg] Re: [apnic-talk] AAAA records to be added for root servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Holger Zuleger
Holger.Zuleger at hznet.de
Mon Jan 7 14:24:22 CET 2008
> As a developer I have a question about revoke bits. > > In a DNSKEY RRset that revokes A and also has keys B and C. Does A sign > (A+B+C) or does the signature from A only sign A? In theory, only the signing of A is required, but don't care about the additional signing of B+C. > Signing more than simply A is nonsense, since the key is revoked. > And aids storing a presigned-self-revocation for emergency use. > However, that is not standard for RRset signatures. > > Do signatures from B and C sign (A+B+C) or (B+C) ? They have to sign (A+B+C) BTW, be aware of key tag changing if you set the revoke bit. Holger -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5006 bytes Desc: S/MIME Cryptographic Signature URL: </ripe/mail/archives/dns-wg/attachments/20080107/bc4244bf/attachment.bin>
- Previous message (by thread): [dns-wg] Re: [dns-wg] RE: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Next message (by thread): [dns-wg] Re: [apnic-talk] AAAA records to be added for root servers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]