[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

.gov DNSSEC operational message

Subject: .gov DNSSEC operational message
From: jra at baylink.com (Jay Ashworth)
Date: Thu, 23 Dec 2010 13:37:13 -0500 (EST)
In-reply-to: <[email protected]>

----- Original Message -----
> From: "Matt Larson" <mlarson at verisign.com>

> The new KSK will not be published in an authenticated manner outside
> DNS (e.g., on an SSL-protected web page). Rather, the intended
> mechanism for trusting the new KSK is via the signed root zone: DS
> records corresponding to the new KSK are already present in the root
> zone.

That sounds like a policy decision... and I'm not sure I think it sounds
like a *good* policy decision, but since no reasons were provided, it's 
difficult to tell.

Why was that decision taken, Matt?

Cheers,
-- jra

Follow-Ups:
- .gov DNSSEC operational message
  - From: mlarson at verisign.com (Matt Larson)
- .gov DNSSEC operational message
  - From: fw at deneb.enyo.de (Florian Weimer)

References:
- .gov DNSSEC operational message
  - From: mlarson at verisign.com (Matt Larson)

Prev by Date: Router only speaks IGP in BGP network
Next by Date: Muni Fiber Last Mile - a contrary opinion
Previous by thread: .gov DNSSEC operational message
Next by thread: .gov DNSSEC operational message
Index(es):
- Date
- Thread