rfg> 1) I confess that I know virtually nothing about DNSSEC. I do rfg> know one thing however, which is that there's such a thing, rfg> in the world of domain names, as a "self signed" SSL rfg> certificate.
DNSSEC follows a chain of trust from the root or trust anchor through the whole chain. If the parent doesn't sign, it won't valiate. So no, no equivalent of self-signed SSL certs And the benefit isn't just to the owner of the prefix. As several folks have said, if I want to know something about the in-addr zone data, DNSSEC signing has value to anyone doing DNSSEC validation, not just the zone or prefix owner. There is value to the entire internet in the whole in-addr tree being signed at some point. _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
