[dnssec-deployment] dot MUSEUM implemented DNSSEC
Mats.Dufberg at teliasonera.com
Mats.Dufberg at teliasonera.com
Fri Sep 19 05:22:58 EDT 2008
> The fact that things like this are starting to happen *without* us
> hearing about it ahead of time is a very good sign. The
> fact we're
> getting TLDs going forward without "is this safe"
> questions preceding it
> is good.
>
> Not saying anything and just doing it is a way of findig out whether
> this is safe :-).
Well, I do not really agree. If you do not say anything and do not have
information around DNSsec few will trust the TLD, i.e. few will add the
a trust anchor for it. Nobody will discover if the DNSsec is broken if
nobody tries to validate it.
Signing the zone is just part of the game. Until root is signed, a TLD
must make sure it has clear documentation around its key handling and
make resolvers trust its keys.
Mats
------------------------------------------
Mats Dufberg
TeliaSonera
BBS P&P VAS/Internet
+46-70-2582588
mats.dufberg at teliasonera.com
------------------------------------------
More information about the Dnssec-deployment
mailing list