nanog mailing list archives

Re: DANE of SMTP Survey

From: Mark Tinka <mark@tinka.africa>
Date: Tue, 8 Jun 2021 12:39:23 +0200



On 6/3/21 23:41, babydr DBA James W. Laferriere wrote:

The Signing of the 'Zone' , Can the 'Zone' be signed by aself-signed key ? Or MUST I (and others) rely on a externalcertificate authority ?
Mind you I notice in rfc6487 (note(s)) about self-signedcertificates . So Maybe I am being a bit over worried about having to spend moremoney just to keep my 2 ip-ranges routing in light of the RPKIinitative(s) .
    Which Mr. Andrews response below answers quite succinctly ,


Indeed! Thanks, Mark.

Yeah, it's never been obvious or apparent to me that self-signed keysfor DNSSEC would not be honoured.

My personal zone, as well as my company's one, are both self-signed.They've both been working reasonably well, so far.


Mark.

Current thread:

DANE of SMTP Survey Moritz Müller via NANOG (Jun 01)
- Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
  - Re: DANE of SMTP Survey Mark Tinka (Jun 02)
    - Re: DANE of SMTP Survey babydr DBA James W. Laferriere (Jun 03)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 02)
    - Re: DANE of SMTP Survey babydr DBA James W. Laferriere (Jun 04)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 08)
    - Re: DANE of SMTP Survey Mark Andrews (Jun 03)
  - Re: DANE of SMTP Survey Bjørn Mork (Jun 02)
    - Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
    - Re: DANE of SMTP Survey Scott Morizot (Jun 02)
    - Re: DANE of SMTP Survey Jeroen Massar via NANOG (Jun 02)
    - Re: DANE of SMTP Survey Mark Tinka (Jun 02)
  - Re: DANE of SMTP Survey Tom Ivar Helbekkmo via NANOG (Jun 11)
    - Re: DANE of SMTP Survey John Levine (Jun 11)
    - Re: DANE of SMTP Survey Tom Ivar Helbekkmo via NANOG (Jun 11)
    - Re: DANE of SMTP Survey John Levine (Jun 11)