DNSSEC to be strangled at birth.

Florian Weimer fw at deneb.enyo.de
Thu Apr 5 17:06:12 EDT 2007


* Simon Josefsson:

> However, in practice I don't believe many will trust the root key
> alone -- for example, I believe most if not all Swedish ISPs would
> configure in trust of the .se key as well.

There are some examples that such static configuration is extremely
bad.  Look at the problems with bogon filters, or how long
decommissioned root server IP addresses continue to receive queries.

It's not a problem if you do this for .SE as a Swedish ISP because you
notice quickly that something is amiss.  But if too many people do
this for most TLDs, it will become practically impossible to change
keys.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


