America takes over DNS

David Conrad drc at virtualized.org
Mon Apr 2 14:45:08 UTC 2007


Hi,

> Wouldn't the holder of these keys be the only ones able to spoof  
> DNSSEC?

Yes.  This is an assumption of DNSSEC, regardless of who signs the  
root.  The implication of this (and the fact that emergency key  
rollover requires everyone on the planet with a validating resolver  
to update the root trust key manually) is that protecting the root  
key signing key is a bit important.

Rgds,
-drc
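
The manual trust-key update mentioned in the message above, as an added example that is not part of the original post: a validating resolver trusts the root only through a configured anchor (key tag plus DS digest of the key signing key), so a rolled key fails the check until each operator replaces the anchor. The function names are hypothetical and the key bytes are constructed, not real root keys.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical wire form of an owner name; "." is the root zone."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA as laid out in RFC 4034 section 2.1."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name + DNSKEY RDATA (RFC 4509)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()

def make_anchor(owner, rdata):
    """The values an operator would place in the resolver's trust-anchor config."""
    return {"owner": owner, "key_tag": key_tag(rdata), "digest": ds_digest(owner, rdata)}

def anchor_matches(anchor, owner, rdata):
    """True only if the served key is the one the resolver was configured to trust."""
    return (anchor["owner"] == owner
            and anchor["key_tag"] == key_tag(rdata)
            and anchor["digest"] == ds_digest(owner, rdata))

# Constructed key material (assumption, not real root keys):
# flags 257 = key signing key, protocol 3, algorithm 8 (RSASHA256).
OLD_KSK = dnskey_rdata(257, 3, 8, bytes(range(64)))
NEW_KSK = dnskey_rdata(257, 3, 8, bytes(range(64, 128)))

def rollover_demo():
    configured = make_anchor(".", OLD_KSK)
    before = anchor_matches(configured, ".", OLD_KSK)  # validation works
    stale = anchor_matches(configured, ".", NEW_KSK)   # key rolled, anchor not yet updated
    configured = make_anchor(".", NEW_KSK)             # the manual update on each resolver
    after = anchor_matches(configured, ".", NEW_KSK)
    return before, stale, after

if __name__ == "__main__":
    print(rollover_demo())
```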




More information about the NANOG mailing list