[dnssec-deployment] Need Explanation.
Rose, Scott W.
scott.rose at nist.gov
Thu Oct 8 06:54:19 EDT 2009
On 10/7/09 10:22 PM, "Mark Andrews" <marka at isc.org> wrote:
>
>> 3. How about the root server? which algorithm will be used?
>
> It will be using RSASHA256 (supports both NSEC and NSEC3). I don't
> know if they intend to use NSEC or NSEC3. The root zones is small
> enough that size of the signed zone should not be issue, nor is
> zone enumeration so I would expect NSEC would be used. This is
> generally less expensive than using NSEC3.
>
>From the plans - NSEC. The root zone is publicly available anyway. Might
be a re-evaluation if so many new unsigned gTLD's are added that NSEC3 with
Opt-Out is needed, but I doubt that.
Scott
>> Let say the root
>> servers are using RSASHA1, thus the other TLD need to use the same
>> algorithm?
>
> No.
>
>> Actually I'm from .my domain registry.
>>
>> Thanks in advance.
>>
>> rgds
>> Amir
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here:
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
>
===================================
Scott Rose
NIST
scottr at nist.gov
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================
More information about the Dnssec-deployment
mailing list