[dns-operations] .Org DNSSEC key management policy feedback
João Damas
joao at bondis.org
Mon Jun 22 16:42:24 UTC 2009
yes, but with an IANA key
Joao
On 22 Jun 2009, at 18:29, Roy Arends wrote:
>
> On Jun 22, 2009, at 7:34 PM, João Damas wrote:
>
>> you mean DNSSEC-signed. I would be happy with a PGP signature on
>> the file, to be honest
>
> Like:
>
> ftp://rs.internic.net/domain/named.root
> ftp://rs.internic.net/domain/named.root.sig
>
> for instance
>
> Kind regards,
>
> Roy
>
>>
>> Joao
>>
>> On 21 Jun 2009, at 16:50, David Conrad wrote:
>>
>>> George,
>>>
>>> On Jun 20, 2009, at 11:38 PM, George Barwood wrote:
>>>> (2) "the public will need to update their validating resolvers
>>>> with the new public portion of the .ORG zone key."
>>>>
>>>> Surely not? Won't the .ORG DS record be published by IANA?
>>>
>>> Yes, but until the root is signed, people will still need to
>>> update their trust anchors to reflect all the islands of trust,
>>> including the TLDs, they want to validated.
>>>
>>> Regards,
>>> -drc
>>>
>>> _______________________________________________
>>> dns-operations mailing list
>>> dns-operations at lists.dns-oarc.net
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>
More information about the dns-operations
mailing list