[dnssec-deployment] dot MUSEUM implemented DNSSEC

Mats.Dufberg at teliasonera.com Mats.Dufberg at teliasonera.com
Mon Sep 22 03:19:08 EDT 2008

> From: DNSSEC deployment 
> [mailto:dnssec-deployment at shinkuro.com] On Behalf Of Andrew Sullivan
> Sent: den 19 september 2008 18:14
> > The DNSsec model assums that the parent zone registry makes 
> > reasonable
> > checks when the registry of the child zone enters new DS 
> > record for the
> > child zone, i.e. checks to make sure that it is not an evil 
> > gang trying
> > to steal the control of the child zone.
> Surely this is no different than the current care needed when updating
> NS records at the parent side of the zone cut, is it?

DNSsec creates a tighter chain. We have to make sure that redelegation
is not the weakest link. -- Yes, it is the same process but DNSsec
requires higher degree of safety when it comes to the redelegation part.


Mats Dufberg
BBS P&P VAS/Internet
mats.dufberg at teliasonera.com

More information about the Dnssec-deployment mailing list