[dns-wg] Framework for DNSSEC audits
- Previous message (by thread): [dns-wg] Framework for DNSSEC audits
- Next message (by thread): [dns-wg] Framework for DNSSEC audits
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ralf Weber
Ralf.Weber at nominum.com
Mon Jan 6 17:18:42 CET 2014
Moin! On 06 Jan 2014, at 12:33, Matthijs Mekking <matthijs at NLnetLabs.nl> wrote: > This might be of interest to you. In collaboration with SWITCH, we have > developed a DNSSEC audit framework: > > http://www.nlnetlabs.nl/downloads/publications/dns-audit-framework-1.0.pdf > > The scope of the framework is largely based on the documents RFC 2870, > RFC 6841, RFC 6781 and the Secure Domain Name System (DNS) Deployment > Guide from NIST. > > Having this publicly available we believe it will improve the deployment > of DNSSEC. I admire your efforts and the document is well written from my quick glancing over it. But we IMHO need a big boilerplate upfront that this is not needed for deploying DNSSEC. The document might be good for TLD and registries/registrars with huge security requirements. But if we want to get widespread deployment we need to get further down the tree and wider. And my fear is that such a document can cause people to delay or not do DNSSEC deployments as the requirements (based on this document) are huge (none of my currently signed domains would pass an audit). I will add it to my reading list for a more detailed review. So long -Ralf --- Ralf Weber Senior Infrastructure Architect Nominum Inc. 2000 Seaport Blvd. Suite 400 Redwood City, California 94063 ralf.weber at nominum.com
- Previous message (by thread): [dns-wg] Framework for DNSSEC audits
- Next message (by thread): [dns-wg] Framework for DNSSEC audits
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]