hat tip to .gov hostmasters
fweimer at bfk.de
Mon Sep 22 10:09:33 CDT 2008
* Colin Alston:
>> Correct, you need a validating, security-aware stub resolver, or the
>> ISP needs to validate the records for you.
> In public space like .com, don't you need some kind of central
> trustworthy CA?
No, why would you? You need to trust the zone operator, and you need
some trustworthy channel to exchange trust anchors at one point in
time (a significant improvement compared to classic DNS, where you
need a trustworthy channel all the time).
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the NANOG