[dnssec-deployment] DNSSEC key management terminology
wouter at NLnetLabs.nl
Fri Feb 22 03:36:09 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Olafur Gudmundsson wrote:
| We are looking for feedback on this document from the DNSSEC community
The draft looks fine to me. Useful definitions.
In 3.5.1 you say
~ A Trust Anchor is arguably Lame if there are no
~ signatures by a Retired KSK in the zone.
What is the argument that such a TA is Lame ?
Is it because the prepublish failed or so, that the resolvers have only
the retired key but not a newer key to verify with?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Dnssec-deployment