[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories
regnauld at nsrc.org
Mon Feb 8 10:43:21 UTC 2010
Stephane Bortzmeyer (bortzmeyer) writes:
> > DLV does need a key in the first place...
> Same thing for the root. But only one key. It is more reasonable then
> to expect that people will track it.
"people" follow distribution update mechanismes. I need to be told
that that key needs to be updated (see other mail) or the system needs
to do it for me.
> > sign the root.
> It is done (well, almost done). Asking for the signature of the root
> is no longer necessary, this task is behind us. But what will it
> change? Nothing because the chain of trust does not go further. Now,
> you should ask for the DS records in the root, for the signature of
> .arpa, etc.
Yes, but DLV will still be required, I think.
More information about the dns-operations