[dnssec-deployment] dot MUSEUM implemented DNSSEC
Mats.Dufberg at teliasonera.com
Mats.Dufberg at teliasonera.com
Mon Sep 22 03:19:08 EDT 2008
> From: DNSSEC deployment
> [mailto:dnssec-deployment at shinkuro.com] On Behalf Of Andrew Sullivan
> Sent: den 19 september 2008 18:14
(...)
> > The DNSsec model assums that the parent zone registry makes
> > reasonable
> > checks when the registry of the child zone enters new DS
> > record for the
> > child zone, i.e. checks to make sure that it is not an evil
> > gang trying
> > to steal the control of the child zone.
>
> Surely this is no different than the current care needed when updating
> NS records at the parent side of the zone cut, is it?
DNSsec creates a tighter chain. We have to make sure that redelegation
is not the weakest link. -- Yes, it is the same process but DNSsec
requires higher degree of safety when it comes to the redelegation part.
Mats
------------------------------------------
Mats Dufberg
TeliaSonera
BBS P&P VAS/Internet
+46-70-2582588
mats.dufberg at teliasonera.com
------------------------------------------
More information about the Dnssec-deployment
mailing list