Re: Root Zone DNSSEC Deployment Technical Status Update

[Chris Adams <cmadams () hiwaay net>]

Once upon a time, Leo Bicknell <bicknell () ufp org> said:
> Perhaps you could explain why the keys are being made available in
> formats that, as far as I can tell, no nameserver software on the
> planet uses?  Pretty much 100% of the users will need a conversion
> from one of the 6 formats you provided, when you could have provided
> 6 example configs for the 6 most popular nameserver packages and
> covered 99% of the users with cut and paste.

There aren't 6 formats, there is just one format provided for the
current trust anchor set: XML.  A simple XSLT will transform it into any
needed format.

Individual trust anchors (there's only one at the moment) are provided
in two formats: PKCS#10 (for signing) and X509 (signed by ICANN).  There
are also detached signatures (in PKCS#7 format for validation against
the ICANN cert bundle and in OpenPGP format) of the XML anchor set file.

This is all in the documentation in the same directory (in plain-text
and HTML formats).
-- 
Chris Adams <cmadams () hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.