[dns-operations] Online DNSSEC debugging tool now availalbe
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Tue Jul 20 18:07:19 UTC 2010
On Tue, Jul 20, 2010 at 10:22:22AM -0700, David Conrad wrote:
> Bill,
> > well, as Ed pointed out, DNSSEC was designed with the idea that there would be "islands
> > of trust" - that the myth of a fully signed/linked heirarchy was just that.
>
> I always thought islands of trust was a transition model. Live and learn.
so is ARP. perhaps you could provide some guidance on the -length- of the
transition to a fullly signed DNS heriarchy? Will it be before or after
the transition from IPv4 to IPv6?
> > When I get a set of crypto tokens from my employer, including a SEP for their domain,
> > I expect they want me to use that key in preference to a chain of custody from one
> > or more third parties.
>
> Seems like pointless make work much more prone to entropy and which won't scale to me, but what do I know.
they seem to trade entropy for control.
> Regards,
> -drc
>
--bill
More information about the dns-operations
mailing list