America takes over DNS

bmanning at karoshi.com
Mon Apr 2 18:18:45 UTC 2007


On Mon, Apr 02, 2007 at 07:45:08AM -0700, David Conrad wrote:
> 
> Hi,
> 
> >Wouldn't the holder of these keys be the only ones able to spoof  
> >DNSSEC?
> 
> Yes.  This is an assumption of DNSSEC, regardless of who signs the  
> root.  The implication of this (and the fact that emergency key  
> rollover requires everyone on the planet with a validating resolver  
> to update the root trust key manually) is that protecting the root  
> key signing key is a bit important.
> 
> Rgds,
> -drc

	one important attribute of key roll would seem to be 
	the lack of a "flag-day". ...  there are at least a 
	couple of proposals that mitigate that particular risk.

--bill


