nanog mailing list archives
Re: America takes over DNS
From: David Conrad <drc () virtualized org>
Date: Mon, 2 Apr 2007 07:45:08 -0700
Hi,
Wouldn't the holder of these keys be the only ones able to spoof DNSSEC?
Yes. This is an assumption of DNSSEC, regardless of who signs the root. The implication of this (and the fact that emergency key rollover requires everyone on the planet with a validating resolver to update the root trust key manually) is that protecting the root key signing key is a bit important.
Rgds, -drc
Current thread:
- RE: America takes over DNS, (continued)
- RE: America takes over DNS michael.dillon (Apr 02)
- Re: America takes over DNS Stephane Bortzmeyer (Apr 02)
- RE: America takes over DNS michael.dillon (Apr 02)
- Re: America takes over DNS Stephane Bortzmeyer (Apr 02)
- RE: America takes over DNS michael.dillon (Apr 02)
- Re: America takes over DNS Peter Dambier (Apr 02)
- Re: America takes over DNS Stephane Bortzmeyer (Apr 02)
- Re: America takes over DNS J. Oquendo (Apr 02)
- RE: America takes over DNS michael.dillon (Apr 02)
- Re: America takes over DNS Jerry Dixon (Apr 02)
- Re: America takes over DNS David Conrad (Apr 02)
- Re: America takes over DNS Randy Bush (Apr 02)
- Re: America takes over DNS bmanning (Apr 02)
- Re: On-going Internet Emergency and Domain Names Chris L. Morrow (Apr 01)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Apr 01)
- Re: On-going Internet Emergency and Domain Names Joe Abley (Apr 02)
- Re: On-going Internet Emergency and Domain Names Gadi Evron (Apr 02)
- Re: On-going Internet Emergency and Domain Names Andy Johnson (Apr 02)
- Re: On-going Internet Emergency and Domain Names Chris L. Morrow (Apr 02)