[dnssec-deployment] DNSSEC in Russia
Lutz Donnerhacke
lutz at iks-jena.de
Thu Apr 2 18:14:40 EDT 2009
* Michael Graff wrote:
> Lutz Donnerhacke wrote:
>> The verification process searchs for an validated path from it's own local
>> TAR to the final response. Because all keys are signed by all keys on each
>> zone, the path might use the weakest key found.
>
> "Local policy."
Do not depend on special local configurations when talking about a large
scale rollout. There is currently even no software which can be configured
that way you describe.
More information about the Dnssec-deployment
mailing list