IMO, a resolver will have the ability to get the public key of a ZSK for
validating the signed RR. How will it get this public key?
And, is the usage of a KSK similiar to the CA certificate?
Thanks again.
于 2012-10-17 11:25, Alan Clegg 写道:
On Oct 16, 2012, at 8:17 PM, pangj <pa...@riseup.net> wrote:
于 2012-10-17 11:10, Alan Clegg 写道:
No, it means that I haven't inserted the DS record for dnslab.org into the .org
zone.
for DS record's data, is it the public key of ZSK? thanks.
No, it's a hash of the KSK.
AlanC
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
