nanog mailing list archives
Re: Root Zone DNSSEC Deployment Technical Status Update
From: Chris Adams <cmadams () hiwaay net>
Date: Fri, 16 Jul 2010 10:32:33 -0500
Once upon a time, Leo Bicknell <bicknell () ufp org> said:
Perhaps you could explain why the keys are being made available in formats that, as far as I can tell, no nameserver software on the planet uses? Pretty much 100% of the users will need a conversion from one of the 6 formats you provided, when you could have provided 6 example configs for the 6 most popular nameserver packages and covered 99% of the users with cut and paste.
There aren't 6 formats, there is just one format provided for the current trust anchor set: XML. A simple XSLT will transform it into any needed format. Individual trust anchors (there's only one at the moment) are provided in two formats: PKCS#10 (for signing) and X509 (signed by ICANN). There are also detached signatures (in PKCS#7 format for validation against the ICANN cert bundle and in OpenPGP format) of the XML anchor set file. This is all in the documentation in the same directory (in plain-text and HTML formats). -- Chris Adams <cmadams () hiwaay net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Current thread:
- Root Zone DNSSEC Deployment Technical Status Update Joe Abley (Jul 10)
- <Possible follow-ups>
- Root Zone DNSSEC Deployment Technical Status Update Joe Abley (Jul 14)
- Root Zone DNSSEC Deployment Technical Status Update Joe Abley (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Leo Bicknell (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Mike (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Chris Adams (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Tony Finch (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Joel Jaeggli (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Jeffrey Ollie (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Joel Jaeggli (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Tony Finch (Jul 18)
- Re: Root Zone DNSSEC Deployment Technical Status Update Bjørn Mork (Jul 22)
- Re: Root Zone DNSSEC Deployment Technical Status Update Leo Bicknell (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Chris Adams (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Edward Lewis (Jul 16)
- Re: Root Zone DNSSEC Deployment Technical Status Update Joe Abley (Jul 22)