[dnssec-deployment] dot MUSEUM implemented DNSSEC

Richard Lamb richard.lamb at icann.org
Fri Sep 19 11:38:09 EDT 2008


We are looking at signing that page (and others) with an EV cert as well that should further reinforce that "chain of trust".

-----Original Message-----
From: DNSSEC deployment [mailto:dnssec-deployment at shinkuro.com] On Behalf Of Suzanne Woolf
Sent: Friday, September 19, 2008 8:30 AM
To: DNSSEC deployment
Subject: Re: [dnssec-deployment] dot MUSEUM implemented DNSSEC

On Fri, Sep 19, 2008 at 10:27:39AM -0400, Dan Mahoney, System Admin wrote:
>
> This may be a very silly question, but has anyone assembled a page of
> "here are the TLD's we know of which have been signed, and you can verify
> each of them on the page *here* and their policy is listed *here*".
>
> Since DLV adoption seems to be slower than I'd like to see, this could be
> a good starting reference for anyone who just wants to authenticate
> against what's out there.

IANA will be publishing a list of TLD keys in the near future, as
directed by the ICANN Board of Directors recently. I checked with them
this morning and they're expecting to be online by mid-October or so.
The registry of keys will be subject to the same verification as any
other TLD information published by IANA, so if you trust their root
zone, you'll probably feel safe trusting their TLD key registry.


Suzanne


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <dnssec-deployment at shinkuro.com>.
To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
A public archive is available here: <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
and older material is at
<http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>



More information about the Dnssec-deployment mailing list