[dns-wg] DNSSEC trust anchors for unsigned zones
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
- Next message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joao Damas
Joao_Damas at isc.org
Wed Jan 30 13:10:56 CET 2008
On 30 Jan 2008, at 12:00, Jim Reid wrote: > On Jan 30, 2008, at 10:34, Alexander Gall wrote: > >> The current set of trust anchors distributed by RIPE NCC includes >> the domains >> >> disi.nl example.net pwei.net >> >> None of these currently have any DNSSEC resource records (i.e. they >> are insecure), which effectively brakes those zones for everybody who >> uses that particular set of trust anchors. > > Doesn't everyone check any third party's trust anchors before > configuring them into their secure resolvers? Sometimes. At other times I place trust in registries that do this for me (eg a DLV registry that I find I can trust). It's the same with SSL certificates, I have to trust the CA to do its job Joao
- Previous message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
- Next message (by thread): [dns-wg] DNSSEC trust anchors for unsigned zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]