Re: Exclude a domain from DNSSEC validation, like Unbound's domain-insecure.

2012-04-27 Thread Tony Finch
Jan-Piet Mens jpmens@gmail.com wrote: From a Comcast talk at SATIN 2012 I believe they called that a negative trust anchor, and IIRC, the author wanted to publish a draft of its operation. http://tools.ietf.org/html/draft-livingood-negative-trust-anchors There has been a lot of

Question about KSK

2012-04-27 Thread WBrown
We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK? I'm sure there are plenty of other good

Re: Question about KSK

2012-04-27 Thread Bill Owens
On Fri, Apr 27, 2012 at 08:40:54AM -0400, wbr...@e1b.org wrote: We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be

RE: Question about KSK

2012-04-27 Thread Spain, Dr. Jeffry A.
We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK? My sense is that you would be creating

Re: Question about KSK

2012-04-27 Thread Phil Mayers
On 27/04/12 13:40, wbr...@e1b.org wrote: We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK?

spam on maillist, stop it !

2012-04-27 Thread Benny Pedersen
On 2012-04-27 00:11, Shi Jin wrote: http://guitar-stuff.net/wp-content/. spam spam spam spam and more wordpress spam spam spam ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this

Re: Question about KSK

2012-04-27 Thread Jan-Piet Mens
When the shared KSK needed to be rolled over, you would have to process DS records in the parents of your few dozen zones all at the same time. *If* you want to roll the KSK, a.k.a. when did you last roll your SSH keys? :-) -JP

Re: Question about KSK

2012-04-27 Thread WBrown
Jan-Piet wrote on 04/27/2012 10:22:39 AM: When the shared KSK needed to be rolled over, you would have to process DS records in the parents of your few dozen zones all at the same time. *If* you want to roll the KSK, a.k.a. when did you last roll your SSH keys? :-) Correct. I was

Re: Question about KSK

2012-04-27 Thread Jan-Piet Mens
I was mistakenly thinking the KSK also had an expiration as the ZSK does. Keys don't expire; signatures (RRSIGs) do. -JP

Re: Question about KSK

2012-04-27 Thread Tony Finch
wbr...@e1b.org wbr...@e1b.org wrote: We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK?

Re: spam on maillist, stop it !

2012-04-27 Thread Noel Butler
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote: What you did is just as bad If you need a list moderator there are appropriate addresses to send your messages to, directly to the list is NOT one of them The information you desire can be obtained from