nanog mailing list archives
Re: .gov DNSSEC operational message
From: Jay Ashworth <jra () baylink com>
Date: Thu, 23 Dec 2010 13:37:13 -0500 (EST)
----- Original Message -----
From: "Matt Larson" <mlarson () verisign com>
The new KSK will not be published in an authenticated manner outside DNS (e.g., on an SSL-protected web page). Rather, the intended mechanism for trusting the new KSK is via the signed root zone: DS records corresponding to the new KSK are already present in the root zone.
That sounds like a policy decision... and I'm not sure I think it sounds like a *good* policy decision, but since no reasons were provided, it's difficult to tell. Why was that decision taken, Matt? Cheers, -- jra
Current thread:
- .gov DNSSEC operational message Matt Larson (Dec 22)
- Re: .gov DNSSEC operational message Jay Ashworth (Dec 23)
- Re: .gov DNSSEC operational message Matt Larson (Dec 26)
- Re: .gov DNSSEC operational message Doug Barton (Dec 28)
- Re: .gov DNSSEC operational message - picking a fight bmanning (Dec 28)
- Re: .gov DNSSEC operational message - picking a fight Doug Barton (Dec 28)
- Re: .gov DNSSEC operational message - picking a fight Tony Finch (Dec 29)
- Re: .gov DNSSEC operational message - picking a fight bmanning (Dec 29)
- Re: .gov DNSSEC operational message Matt Larson (Dec 26)
- Re: .gov DNSSEC operational message Jay Ashworth (Dec 28)
- Re: .gov DNSSEC operational message Robert E. Seastrom (Dec 29)
- Re: .gov DNSSEC operational message Tony Finch (Dec 29)
- Re: .gov DNSSEC operational message Valdis . Kletnieks (Dec 29)
- Re: .gov DNSSEC operational message Jay Ashworth (Dec 23)