[dns-operations] Interim Trust Anchor Repository

Ondřej Surý ondrej.sury at nic.cz
Wed Feb 25 15:19:59 UTC 2009


On Wed, Feb 25, 2009 at 3:29 PM, Florian Weimer <fweimer at bfk.de> wrote:
> * Stephane Bortzmeyer:
>
>> On Tue, Feb 24, 2009 at 12:42:00PM +0100,
>>  Jaap Akkerhuis <jaap at NLnetLabs.nl> wrote
>>  a message of 18 lines which said:
>>
>>> Try a different server:
>>
>> Thanks, this works:
>>
>> % gpg --keyserver minsky.surfnet.nl --recv-key 81D464F4
>> % gpg  ~/tmp/ITAR/anchors.mf.sig
>>
>> But how to validate since the PGP key is not signed by third parties?
>
> But would a third party signature imply that the key is authorized to
> sign the ITAR (or that it's okay to use the signed data)?
>
> The OpenPGP signature still has value, to confirm that you got the
> current version from the same folks who made the previous versions.
> But the web of trust offers little additional help beyond that.

But it would be nice to be able to get it from:
https://www.icann.org/en/general/pgp-keys.htm#iana-itar
instead of plain
http://www.icann.org/en/general/pgp-keys.htm#iana-itar

So at least some "trust of chain" is in place.

Ondrej.
-- 
 Ondrej Sury
 technicky reditel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o.  --  .cz domain registry
 Americka 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury at nic.cz  http://nic.cz/
 sip:ondrej.sury at nic.cz tel:+420.222745110
 mob:+420.739013699     fax:+420.222745112
 -----------------------------------------



More information about the dns-operations mailing list