On Thu, 12 Mar 2009, Mark Andrews wrote:
The principle here is that there is no error if "for a DS record
there is no corresponding DNSKEY" and vice versa. All that is needed
for validation is one "chain of trust." Accepting dangling
references is not optimal but provides robustness.
Moin!
On 12.03.2009, at 01:10, Joe Baptista wrote:
You poor souls. The DNSSEC monster is vast and complex. So much
easier just to fix the problem instead of this endless gibberish.
It's so complex it's funny when you consider a simple solution like
DNSCURVE - http://dnscurve.org/ - and s
You poor souls. The DNSSEC monster is vast and complex. So much easier
just to fix the problem instead of this endless gibberish. It's so complex
it's funny when you consider a simple solution like DNSCURVE -
http://dnscurve.org/ - and so much more secure. No man in the middle
issues.
Oh well
In message , Edward Lewis writes:
> At 8:19 +1100 3/11/09, Mark Andrews wrote:
> >In message , Edward Lewis writes:
>
> >> record involves less typing than a DNSKEY, I'd want to work with a DS
> >> record.
> >
> > Has anyone on this list ever typed in a DNSKEY or DS as a
> > trust ancho
At 8:19 +1100 3/11/09, Mark Andrews wrote:
In message , Edward Lewis writes:
record involves less typing than a DNSKEY, I'd want to work with a DS
record.
Has anyone on this list ever typed in a DNSKEY or DS as a
trust anchor? I would presume that most (99.%) people