On Tue, Aug 31, 2010 at 02:55:08PM +0800,
Jiankang YAO ya...@cnnic.cn wrote
a message of 11 lines which said:
I propose a lightweight DNSSEC.
http://www.ietf.org/id/draft-yao-dnsext-msig-00.txt
I've just read the draft and I'm not sure of the problem it intends to
solve. There are two
% check-sig iab.org
Name iab.org has an expired signature (20100829223019)
:-(
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
Another view, for the visually inclined:
http://dnsviz.net/d/iab.org/dnssec/
On Aug 31, 2010, at 2:41 AM, Stephane Bortzmeyer wrote:
% check-sig iab.org
Name iab.org has an expired signature (20100829223019)
:-(
___
Ietf mailing list
Ietf@ietf.org
: DNSSEC is hard to get right
% check-sig iab.org
Name iab.org has an expired signature (20100829223019)
:-(
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
___
Ietf mailing
DNSSEC is a PKI and running a PKI is never a trivial matter.
One of the reasons I have serious concern about the prospects for
deployment of DNSSEC is that the answer to many of my questions is
either a blank stare, an off the cuff answer clearly made up on the
spot or the claim that it is