[134213] in North American Network Operators' Group

Re: .gov DNSSEC operational message - picking a fight

daemon@ATHENA.MIT.EDU (Tony Finch)
Wed Dec 29 09:56:52 2010

In-Reply-To: <20101228224651.GC28346@vacation.karoshi.com.>
From: Tony Finch <dot@dotat.at>
Date: Wed, 29 Dec 2010 14:56:35 +0000
To: "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 28 Dec 2010, at 22:46, bmanning@vacation.karoshi.com wrote:
>
>    IMHO, key management should be able to use an OOB channel
>    when the in-band is corrupted or overloaded.  Reliance on
>    strictly the IB channel presumes there will be no problems
>    with that channel.  EVER.   For me, I don't want to take
>    that risk.  YMMV of course.

If normal DNS resolution fails to work then there's no point in getting the
keys from another source since there's no data for them to validate.

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
