nanog mailing list archives
Re: hat tip to .gov hostmasters
From: bmanning () vacation karoshi com
Date: Mon, 22 Sep 2008 15:19:46 +0000
On Mon, Sep 22, 2008 at 10:52:42AM -0400, Jason Frisvold wrote:
> On Mon, Sep 22, 2008 at 10:34 AM, Scott Francis <darkuncle () gmail com> wrote:
>> nice to see a wholesale DNSSEC rollout underway (I must confess to being a little surprised at the source, too!). Granted, it's a much more manageable problem set than, say, .com - but if one US-controlled TLD can do it, hope is buoyed for a .com rollout sooner rather than later (although probably not much sooner :)).
>
> I'm not much up on DNSSEC, but don't you need to be using a resolver that recognizes DNSSEC in order for this to be useful?
>
>> /sf
>
> --
> Jason 'XenoPhage' Frisvold
> XenoPhage0 () gmail com
> http://blog.godshell.com

yes and no. to fully trust the data from the servers you need three things:

1) signed data (this is what .gov is doing)
2) a validator in the end system (this is mostly missing/not configured today)
3) accurate trust anchors from a couple of places in the DNS namespace

## however, if all you start with is signed data - it becomes possible to verify the source of the data - independently of inline DNS validation. e.g. you can - with a high degree of certainty, be assured that the root zone you load is really the ORSN root and not that flaky root from DoC/ICANN/VSGN... :) so "naked" signed data, in the absence of TA's or validators is still useful.

## you'll need a couple of these - and how you get them and keep them up to date is still a mostly unsolved operational problem.

--bill
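An added example, not part of the message above: one way to check that a DNSKEY served by a zone matches a locally configured trust anchor, the third requirement in the list. It assumes the anchor is held in DS form with a SHA-256 digest; the function names, the `ANCHOR` layout and the sample key bytes are constructed for illustration and are not a real .gov key.

```python
import hashlib

def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, RFC 4034 appendix B."""
    acc = sum((b << 8) if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256 over owner name wire form + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def matches_anchor(owner: str, rdata: bytes, anchor: dict) -> bool:
    """True only if this DNSKEY is the key the configured anchor commits to."""
    if len(rdata) < 5:
        return False
    flags = int.from_bytes(rdata[0:2], "big")
    protocol, algorithm = rdata[2], rdata[3]
    if protocol != 3 or not flags & 0x0100:   # must be a zone key
        return False
    # The key tag is only a lookup hint and collides easily; the digest decides.
    return (name_to_wire(owner) == name_to_wire(anchor["owner"])
            and key_tag(rdata) == anchor["key_tag"]
            and algorithm == anchor["algorithm"]
            and ds_digest(owner, rdata) == anchor["digest"])

# Constructed sample: flags=257, protocol=3, algorithm=8, then 8 dummy key bytes.
SAMPLE_DNSKEY = bytes([0x01, 0x01, 0x03, 0x08]) + bytes(range(1, 9))

# Constructed anchor, standing in for one obtained out of band and stored locally.
ANCHOR = {
    "owner": "gov.",
    "key_tag": key_tag(SAMPLE_DNSKEY),
    "algorithm": 8,
    "digest": ds_digest("gov.", SAMPLE_DNSKEY),
}

if __name__ == "__main__":
    print("key tag:", key_tag(SAMPLE_DNSKEY))
    print("anchor match:", matches_anchor("gov.", SAMPLE_DNSKEY, ANCHOR))
```

A validator that accepts a key on key tag alone would pass a different key with the same tag, which is why the digest comparison is the deciding check.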