[dnssec-deployment] dot MUSEUM implemented DNSSEC

Dan Mahoney, System Admin danm at prime.gushi.org
Fri Sep 19 10:27:39 EDT 2008


On Fri, 19 Sep 2008, Mats.Dufberg at teliasonera.com wrote:

>>     The fact that things like this are starting to happen *without* us
>>     hearing about it ahead of time is a very good sign.  The
>>     fact we're
>>     getting TLDs going forward without "is this safe"
>>     questions preceding it
>>     is good.
>>
>> Not saying anything and just doing it is a way of findig out whether
>> this is safe :-).
>
> Well, I do not really agree. If you do not say anything and do not have
> information around DNSsec few will trust the TLD, i.e. few will add the
> a trust anchor for it. Nobody will discover if the DNSsec is broken if
> nobody tries to validate it.
>
> Signing the zone is just part of the game. Until root is signed, a TLD
> must make sure it has clear documentation around its key handling and
> make resolvers trust its keys.

This may be a very silly question, but has anyone assembled a page of 
"here are the TLD's we know of which have been signed, and you can verify 
each of them on the page *here* and their policy is listed *here*".

Since DLV adoption seems to be slower than I'd like to see, this could be 
a good starting reference for anyone who just wants to authenticate 
against what's out there.

If not, I'll do it.  I'm against duplication of efforts, but I think a 
resource like this could be valuable.

-Dan

-- 

"We are basically...'Bandwidth Pimps'...Hrmmm...But that's cool man!  You see these gold chains?  It's all good!"

-Ali Dhoon
03/03/2003, 7PM

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------




More information about the Dnssec-deployment mailing list