hat tip to .gov hostmasters

Florian Weimer fweimer at bfk.de
Mon Sep 22 10:09:33 CDT 2008

* Colin Alston:

>> Correct, you need a validating, security-aware stub resolver, or the
>> ISP needs to validate the records for you.

> In public space like .com, don't you need some kind of central
> trustworthy CA?

No, why would you?  You need to trust the zone operator, and you need
some trustworthy channel to exchange trust anchors at one point in
time (a significant improvement compared to classic DNS, where you
need a trustworthy channel all the time).

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the NANOG mailing list