[dns-operations] .Org DNSSEC key management policy feedback
Roy Arends
roy at dnss.ec
Mon Jun 22 16:29:05 UTC 2009
On Jun 22, 2009, at 7:34 PM, João Damas wrote:
> you mean DNSSEC-signed. I would be happy with a PGP signature on the
> file, to be honest
Like:
ftp://rs.internic.net/domain/named.root
ftp://rs.internic.net/domain/named.root.sig
for instance
Kind regards,
Roy
>
> Joao
>
> On 21 Jun 2009, at 16:50, David Conrad wrote:
>
>> George,
>>
>> On Jun 20, 2009, at 11:38 PM, George Barwood wrote:
>>> (2) "the public will need to update their validating resolvers
>>> with the new public portion of the .ORG zone key."
>>>
>>> Surely not? Won't the .ORG DS record be published by IANA?
>>
>> Yes, but until the root is signed, people will still need to update
>> their trust anchors to reflect all the islands of trust, including
>> the TLDs, they want to validated.
>>
>> Regards,
>> -drc
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
More information about the dns-operations
mailing list