nanog mailing list archives

Re: .gov DNSSEC operational message - picking a fight

From: Tony Finch <dot () dotat at>
Date: Wed, 29 Dec 2010 14:56:35 +0000

On 28 Dec 2010, at 22:46, bmanning () vacation karoshi com wrote:


   IMHO, key management should be able to use an OOB channel
   when the in-band is corrupted or overlaoded.  Reliance on
   strictly the IB channel presumes there will be no problems
   with that channel.  EVER.   For me, I don't want to take 
   that risk.  YMMV of course.


If normal DNS resolution fails to work then there's no point in getting the keys from another source since there's no 
data for them to validate.

Tony.
--
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/

Current thread:

.gov DNSSEC operational message Matt Larson (Dec 22)
- Re: .gov DNSSEC operational message Jay Ashworth (Dec 23)
  - Re: .gov DNSSEC operational message Matt Larson (Dec 26)
    - Re: .gov DNSSEC operational message Doug Barton (Dec 28)
    - Re: .gov DNSSEC operational message - picking a fight bmanning (Dec 28)
    - Re: .gov DNSSEC operational message - picking a fight Doug Barton (Dec 28)
    - Re: .gov DNSSEC operational message - picking a fight Tony Finch (Dec 29)
    - Re: .gov DNSSEC operational message - picking a fight bmanning (Dec 29)
    - Re: .gov DNSSEC operational message Jay Ashworth (Dec 28)
    - Re: .gov DNSSEC operational message Robert E. Seastrom (Dec 29)
    - Re: .gov DNSSEC operational message Tony Finch (Dec 29)
    - Re: .gov DNSSEC operational message Valdis . Kletnieks (Dec 29)
    - Re: .gov DNSSEC operational message bmanning (Dec 29)
    - Re: .gov DNSSEC operational message Tony Finch (Dec 30)
    - Re: .gov DNSSEC operational message Jay Ashworth (Dec 30)
    - Re: .gov DNSSEC operational message Jay Ashworth (Dec 28)
  - Re: .gov DNSSEC operational message Florian Weimer (Dec 26)

(Thread continues...)