[Dnssec-deployment] Re-introduction of .de subdomains into ISC's DLV
Ed.Lewis at neustar.biz
Tue Jun 14 09:40:26 EDT 2011
At 18:05 -0700 6/13/11, David Conrad wrote:
>I'm probably missing something obvious, but given DE was signed with its DS
>in the root, what benefit does putting DE's sub-domains back in ISC's DLV
A "sub-domain" of DE need not be delegated from the DE zone. There
may be intermediate zones.
At 10:47 +0200 6/14/11, W.C.A. Wijngaards wrote:
>Unbound has the same policy. Thus, the root trust-anchor wins if it has
>a chain to the root and a DLV-chain.
Why is there a "winner" (unless I'm reading too much into that).
Ties are good too. I.e., if the DS-based trust chain validates OR
the DLV chain validates, the data ought to be accepted. Even if the
OR is exclusive.
NeuStar You can leave a voice message at +1-571-434-5468
I'm overly entertained.
More information about the Dnssec-deployment