[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Frederico A C Neves fneves at registro.br
Wed May 21 14:49:51 UTC 2008

On Wed, May 21, 2008 at 10:22:27AM -0400, Edward Lewis wrote:
> At 14:14 +0200 5/21/08, Shane Kerr wrote:
> So, if we protect the root hints with signatures and plan to use keys 
> that roll, how do you roll the keys if you are already assuming the 
> hints are not also "rolled (in the client)?"  (And this will not 
> reach into the multitude of already deployed devices nor 
> implementations that eschew DNSSEC today.)

RFC 5011 is the current answer. Trustman present at DNSSEC-Tools is a
public implementation. 


More information about the dns-operations mailing list