[Dnssec-deployment] root key - getting close
Casey Deccio
casey at deccio.net
Tue Jun 1 23:33:58 EDT 2010
On Tue, Jun 1, 2010 at 6:26 AM, Paul Wouters <paul at xelerance.com> wrote:
>
> I guess we're really almost there.
>
> "." 385 3 8
> "AwEAAeuXBrrPbYGLRFHfpegmd7ql2NUDUKErmNr8K8+sB5MQsD5VBg/SKaqbr7nhw9UutuewqpCoBx2gDJa0t/1co5tlMNNhaLmYKQ4IpOv3pQ6JaK5cnGhokrh4rOMohAnyXjV0FmaIdUHG5G4B6GdiYEkb7merDiM5sFij0Hf+XqFJ89qE+TZJYW46o7fEGya0tK/MgiUVMzGwyqsLK24jFU/1G+D6KyAfxGKpASPhvFa/LG5hjisEICfyEzHBAzcRPL4LKUvhXmxXgXgre41J0mhDI2hR7oB6pLfuaKE7TN7VoxMvSWqoh0ej7cjVRBvovlW7VvhdXPxFtFV7osAoyLc=";
> // key id = 19452
>
>
So, I'm curious. The root zone currently shows three DNSKEY RRs:
1112
55138
19581 (with revoke bit set; id without revoke bit is 19453)
But the DNSKEY RRset is signed with the following:
1112
55138
19452
Is this intentional, or perhaps my analysis is wrong? The third signature
doesn't align with any existing DNSKEY, and the revoked key is technically
not "revoked" since there is no self-signature.
Regards,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20100601/3ae3a4e3/attachment.html
More information about the Dnssec-deployment
mailing list