Re: hat tip to .gov hostmasters

• From: Colin Alston
• Date: Mon Sep 22 11:04:17 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

Florian Weimer wrote:
> * Jason Frisvold:
> 
>> On Mon, Sep 22, 2008 at 10:34 AM, Scott Francis <[email protected]> wrote:
>>> nice to see a wholesale DNSSEC rollout underway (I must confess to being a
>>> little surprised at the source, too!). Granted, it's a much more manageable
>>> problem set than, say, .com - but if one US-controlled TLD can do it, hope
>>> is buoyed for a .com rollout sooner rather than later (although probably not
>>> much sooner :)).
>> I'm not much up on DNSSEC, but don't you need to be using a resolver
>> that recognizes DNSSEC in order for this to be useful?
> 
> Correct, you need a validating, security-aware stub resolver, or the
> ISP needs to validate the records for you.
> 

In public space like .com, don't you need some kind of central
trustworthy CA?

• Follow-Ups:
  • Re: hat tip to .gov hostmasters Florian Weimer

• References:
  • hat tip to .gov hostmasters Scott Francis
  • Re: hat tip to .gov hostmasters Jason Frisvold
  • Re: hat tip to .gov hostmasters Florian Weimer

• Prev by Date: Re: hat tip to .gov hostmasters
• Next by Date: Re: hat tip to .gov hostmasters
• Date Index
• Thread Index
• Author Index
• Historical