North American Network Operators Group

Re: America takes over DNS

  • From: bmanning
  • Date: Mon Apr 02 14:26:18 2007

On Mon, Apr 02, 2007 at 07:45:08AM -0700, David Conrad wrote:
> 
> Hi,
> 
> >Wouldn't the holder of these keys be the only ones able to spoof  
> >DNSSEC?
> 
> Yes.  This is an assumption of DNSSEC, regardless of who signs the  
> root.  The implication of this (and the fact that emergency key  
> rollover requires everyone on the planet with a validating resolver  
> to update the root trust key manually) is that protecting the root  
> key signing key is a bit important.
> 
> Rgds,
> -drc

	one important attribute of key roll would seem to be 
	the lack of a "flag-day". ...  there are at least a 
	couple of proposals that mitigate that particular risk.

--bill