[dnssec-deployment] dot MUSEUM implemented DNSSEC
Dan Mahoney, System Admin
danm at prime.gushi.org
Fri Sep 19 10:27:39 EDT 2008
On Fri, 19 Sep 2008, Mats.Dufberg at teliasonera.com wrote:
>> The fact that things like this are starting to happen *without* us
>> hearing about it ahead of time is a very good sign. The fact we're
>> getting TLDs going forward without "is this safe" questions preceding
>> it is good.
>>
>> Not saying anything and just doing it is a way of finding out whether
>> this is safe :-).
>
> Well, I do not really agree. If you do not say anything and do not have
> information around DNSsec few will trust the TLD, i.e. few will add
> a trust anchor for it. Nobody will discover if the DNSsec is broken if
> nobody tries to validate it.
>
> Signing the zone is just part of the game. Until root is signed, a TLD
> must make sure it has clear documentation around its key handling and
> make resolvers trust its keys.

This may be a very silly question, but has anyone assembled a page of
"here are the TLDs we know of which have been signed, and you can verify
each of them on the page *here* and their policy is listed *here*"?

Since DLV adoption seems to be slower than I'd like to see, this could be
a good starting reference for anyone who just wants to authenticate
against what's out there.

If not, I'll do it. I'm against duplication of efforts, but I think a
resource like this could be valuable.

-Dan
--
"We are basically...'Bandwidth Pimps'...Hrmmm...But that's cool man! You see these gold chains? It's all good!"
-Ali Dhoon
03/03/2003, 7PM
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------