nanog mailing list archives

Re: .gov DNSSEC operational message - picking a fight


From: bmanning () vacation karoshi com
Date: Wed, 29 Dec 2010 16:36:30 +0000

On Wed, Dec 29, 2010 at 02:56:35PM +0000, Tony Finch wrote:
On 28 Dec 2010, at 22:46, bmanning () vacation karoshi com wrote:

   IMHO, key management should be able to use an OOB channel
   when the in-band is corrupted or overloaded.  Reliance on
   strictly the IB channel presumes there will be no problems
   with that channel.  EVER.   For me, I don't want to take 
   that risk.  YMMV of course.  

If normal DNS resolution fails to work then there's no point in getting the keys from another source since there's no data for them to validate.

        oh resolution works a treat.  it's the validation that gets hosed. :)

--bill

