[Dnssec-deployment] DNSSEC validation errors in .gov
eoster at cs.ucla.edu
Tue May 18 15:22:35 EDT 2010
On May 18, 2010, at 12:34 AM, Stephane Bortzmeyer wrote:
> On Fri, May 07, 2010 at 02:59:52PM -0400,
> Paul Wouters <paul at xelerance.com> wrote
> a message of 20 lines which said:
>> I've noticed in the last couple of weeks that we are regularly
>> seeing DNSSEC validation failures in various .gov zones. These range
>> from DS records pointing to missing DNSKEY records to RRSIG crypto
> And broken middleboxes, as we currently see for uspto.gov, broken for
> a few days.
I just wanted to clarify: what do you mean here? The uspto.gov zone is having serious availability (PMTU) problems, but it's been ongoing for more than just a few days. I've been watching it at:
and for a while its availability dispersion has been quite poor. However, wasn't the OP about validating keys? I think this zone's keys do validate (at least, much of the time). SecSpider has seen various .gov sites flit in and out of verifiability, but they are not always unverifiable.