[dns-wg] DNSSEC trust anchors for unsigned zones
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Wed Jan 30 13:37:16 CET 2008
On Jan 30, 2008, at 12:10, Joao Damas wrote: >> Doesn't everyone check any third party's trust anchors before >> configuring them into their secure resolvers? > > Sometimes. At other times I place trust in registries that do this > for me (eg a DLV registry that I find I can trust). IMO Joao a DLV is a trust anchor. Sort of. :-) What I really meant by trust anchor was "something you stick in a config file to tell a resolver what keys to use for DNSSEC validation". In BIND9, that would be a trusted-keys{} statement or a dnssec-lookaside clause.
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]