[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

Phil Regnauld regnauld at nsrc.org
Mon Feb 8 10:43:21 UTC 2010

Stephane Bortzmeyer (bortzmeyer) writes:
> > DLV does need a key in the first place...
> Same thing for the root. But only one key. It is more reasonable then
> to expect that people will track it.

	"people" follow distribution update mechanismes.  I need to be told
	that that key needs to be updated (see other mail) or the system needs
	to do it for me.

> > sign the root.
> It is done (well, almost done). Asking for the signature of the root
> is no longer necessary, this task is behind us. But what will it
> change? Nothing because the chain of trust does not go further. Now,
> you should ask for the DS records in the root, for the signature of
> .arpa, etc.

	Yes, but DLV will still be required, I think.


More information about the dns-operations mailing list