DNSSEC to be strangled at birth.
Ben Laurie
ben at links.org
Thu Apr 5 17:03:59 EDT 2007
Simon Josefsson wrote:
> However, in practice I don't believe many will trust the root key
> alone -- for example, I believe most if not all Swedish ISPs would
> configure in trust of the .se key as well. One can imagine a
> web-of-trust based key-update mechanism that avoids the need to trust
> a single root key.
Indeed, and I already wrote an I-D for it:
http://www.links.org/dnssec/draft-laurie-dnssec-key-distribution-01.html.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list