[dns-operations] Online DNSSEC debugging tool now availalbe

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Tue Jul 20 18:07:19 UTC 2010

On Tue, Jul 20, 2010 at 10:22:22AM -0700, David Conrad wrote:
> Bill,
> > 	well, as Ed pointed out, DNSSEC was designed with the idea that there would be "islands
> > 	of trust" - that the myth of a fully signed/linked heirarchy was just that. 
> I always thought islands of trust was a transition model.  Live and learn.

	so is ARP. perhaps you could provide some guidance on the -length- of the 
	transition to a fullly signed DNS heriarchy?  Will it be before or after 
	the transition from IPv4 to IPv6?

> > 	When I get a set of crypto tokens from my employer, including a SEP for their domain,
> > 	I expect they want me to use that key in preference to a chain of custody from one
> > 	or more third parties.  
> Seems like pointless make work much more prone to entropy and which won't scale to me, but what do I know.

	they seem to trade entropy for control.

> Regards,
> -drc


More information about the dns-operations mailing list