[dnssec-deployment] About "no validation" for DNS root signing strategy
jabley at hopcount.ca
Thu Oct 8 15:30:27 EDT 2009
http://rosie.ripe.net/ is the meeting page. Look for agendas, dns-wg
for today and agendas, plenary for Tuesday's.
Sent using large thumbs on tiny keyboard.
On 2009-10-08, at 19:41, Eric Osterweil <eoster at cs.ucla.edu> wrote:
> On Oct 8, 2009, at 11:30 AM, Paul Wouters wrote:
>> On Thu, 8 Oct 2009, Jakob Schlyter wrote:
>>> The intention with the DURZ, the Deliberately Unvalidatable Root
>>> Zone, is that it should be obvious to everyone that it is not
>>> possible to validate the signatures. I do not know of any
>>> resolver that would try to validate signatures, even though you do
>>> not have a trust anchor configured, so to get any sort of
>>> validation failure you have to actually configure the bad key.
>> Is this talk/presentation online somewhere? I'd like to know more
>> about the reasons behind the DURZ over a valid-but-unofficial root key.