[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Frederico A C Neves
fneves at registro.br
Wed May 21 14:49:51 UTC 2008
On Wed, May 21, 2008 at 10:22:27AM -0400, Edward Lewis wrote:
> At 14:14 +0200 5/21/08, Shane Kerr wrote:
...
> So, if we protect the root hints with signatures and plan to use keys
> that roll, how do you roll the keys if you are already assuming the
> hints are not also "rolled (in the client)?" (And this will not
> reach into the multitude of already deployed devices nor
> implementations that eschew DNSSEC today.)
RFC 5011 is the current answer. Trustman present at DNSSEC-Tools is a
public implementation.
Fred
More information about the dns-operations
mailing list