Martin Rex wrote: > DNSsec, as far as I can see, does not use a PKI in the traditional > sense. There are _NO_ persons involved in the process,
FYI, zones are operated by people.
I can forge a key of your zone. I can, then, ask a person operating a
parent zone of yours to issue a valid signature over the forged key.
Masataka Ohta
_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf
