[dns-operations] Interim Trust Anchor Repository
Ondřej Surý
ondrej.sury at nic.cz
Wed Feb 25 15:19:59 UTC 2009
On Wed, Feb 25, 2009 at 3:29 PM, Florian Weimer <fweimer at bfk.de> wrote:
> * Stephane Bortzmeyer:
>
>> On Tue, Feb 24, 2009 at 12:42:00PM +0100,
>> Jaap Akkerhuis <jaap at NLnetLabs.nl> wrote
>> a message of 18 lines which said:
>>
>>> Try a different server:
>>
>> Thanks, this works:
>>
>> % gpg --keyserver minsky.surfnet.nl --recv-key 81D464F4
>> % gpg ~/tmp/ITAR/anchors.mf.sig
>>
>> But how to validate since the PGP key is not signed by third parties?
>
> But would a third party signature imply that the key is authorized to
> sign the ITAR (or that it's okay to use the signed data)?
>
> The OpenPGP signature still has value, to confirm that you got the
> current version from the same folks who made the previous versions.
> But the web of trust offers little additional help beyond that.
But it would be nice to be able to get it from:
https://www.icann.org/en/general/pgp-keys.htm#iana-itar
instead of plain
http://www.icann.org/en/general/pgp-keys.htm#iana-itar
So at least some "trust of chain" is in place.
Ondrej.
--
Ondrej Sury
technicky reditel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23,120 00 Praha 2,Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
sip:ondrej.sury at nic.cz tel:+420.222745110
mob:+420.739013699 fax:+420.222745112
-----------------------------------------
More information about the dns-operations
mailing list