[dns-operations] DNS self-updates (was: DNSSEC deployment incentives)
Tony Finch
dot at dotat.at
Thu Jun 20 09:58:03 UTC 2019
Mark Andrews <marka at isc.org> wrote:
>
> One can also extract the public key from a CERT to produce a KEY record and
> update the KEY RRset using the existing KEY when a CERT is updated using the
> private part of old CERT or just have a separate key pair for this. The only
> thing a CERT gives you is trace back to a CA for the initial addition.
I don't think this is particularly easy with existing DNSSEC tools. It
would be nice to have a general-purpose thing for converting between
PEM/DER and DNSSEC key formats.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
women and men working together
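
One way such a conversion can look for the public half, as an added example that is not part of the original post or of any existing DNSSEC tool: it reads a PEM SubjectPublicKeyInfo block (Ed25519 or ECDSA P-256 only) and emits a KEY record. The owner name, the flags value of 0 and the sample key are assumptions; pulling the SubjectPublicKeyInfo out of a certificate is left to other tooling.

```python
import base64
import struct

# DER AlgorithmIdentifier contents -> (DNSSEC algorithm number, raw key length)
ALGS = {
    bytes.fromhex("06032b6570"): (15, 32),  # id-Ed25519 -> ED25519
    bytes.fromhex("06072a8648ce3d020106082a8648ce3d030107"): (13, 64),  # P-256 -> ECDSAP256SHA256
}

# Sample input only: an Ed25519 public key in PEM SubjectPublicKeyInfo form.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PUBLIC KEY-----"""

def tlv(buf, off=0):
    """Read one DER tag-length-value; return (tag, value, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def pem_to_der(pem):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----"
            or lines[-1] != "-----END PUBLIC KEY-----"):
        raise ValueError("expected a PEM SubjectPublicKeyInfo block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def spki_to_rdata(der, flags=0, protocol=3):
    """Return KEY/DNSKEY wire RDATA: flags, protocol, algorithm, public key."""
    tag, spki, end = tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    t1, algid, off = tlv(spki)
    t2, bits, _ = tlv(spki, off)
    if (t1, t2) != (0x30, 0x03) or algid not in ALGS or bits[:1] != b"\x00":
        raise ValueError("unsupported SubjectPublicKeyInfo")
    alg, klen = ALGS[algid]
    # DNSSEC stores a P-256 key as X|Y, without the 0x04 uncompressed-point marker
    key = bits[2:] if alg == 13 and bits[1:2] == b"\x04" else bits[1:]
    if len(key) != klen:
        raise ValueError("unexpected key length or point encoding")
    return struct.pack("!HBB", flags, protocol, alg) + key

def key_record(owner, pem, rrtype="KEY", flags=0):  # flags=0 is an assumption
    rdata = spki_to_rdata(pem_to_der(pem), flags)
    return f"{owner} IN {rrtype} {flags} 3 {rdata[3]} {base64.b64encode(rdata[4:]).decode()}"
```

Private keys, RSA keys and compressed EC points are rejected with `ValueError` rather than converted.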