[107990] in North American Network Operators' Group


Re: hat tip to .gov hostmasters

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Sep 22 11:10:04 2008

To: Colin Alston <karnaugh@karnaugh.za.net>
From: Florian Weimer <fweimer@bfk.de>
Date: Mon, 22 Sep 2008 17:09:33 +0200
In-Reply-To: <48D7B397.3000909@karnaugh.za.net> (Colin Alston's message of
	"Mon, 22 Sep 2008 17:02:47 +0200")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Colin Alston:

>> Correct, you need a validating, security-aware stub resolver, or the
>> ISP needs to validate the records for you.

> In public space like .com, don't you need some kind of central
> trustworthy CA?

No, why would you?  You need to trust the zone operator, and you need
some trustworthy channel to exchange trust anchors at one point in
time (a significant improvement compared to classic DNS, where you
need a trustworthy channel all the time).

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

