[dnssec-deployment] DNSSEC key management terminology
Wouter Wijngaards
wouter at NLnetLabs.nl
Fri Feb 22 03:36:09 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Olafur Gudmundsson wrote:
| We are looking for feedback on this document from the DNSSEC community
Hi Olafur,
The draft looks fine to me. Useful definitions.
In 3.5.1 you say
~ A Trust Anchor is arguably Lame if there are no
~ signatures by a Retired KSK in the zone.
What is the argument that such a TA is Lame ?
Is it because the prepublish failed or so, that the resolvers have only
the retired key but not a newer key to verify with?
Best regards,
~ Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHvol5kDLqNwOhpPgRAlmtAKCHprC6CzR55N+OpEo/Dn1DS5y2DQCgs31j
NR9ULwgcI9D8i13teB9Ypo4=
=WxGD
-----END PGP SIGNATURE-----
More information about the Dnssec-deployment
mailing list