.gov DNSSEC operational message

• Previous message (by thread): .gov DNSSEC operational message
• Next message (by thread): .gov DNSSEC operational message
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
> From: "Matt Larson" <mlarson at verisign.com>

> The new KSK will not be published in an authenticated manner outside
> DNS (e.g., on an SSL-protected web page). Rather, the intended
> mechanism for trusting the new KSK is via the signed root zone: DS
> records corresponding to the new KSK are already present in the root
> zone.

That sounds like a policy decision... and I'm not sure I think it sounds
like a *good* policy decision, but since no reasons were provided, it's 
difficult to tell.

Why was that decision taken, Matt?

Cheers,
-- jra

• Previous message (by thread): .gov DNSSEC operational message
• Next message (by thread): .gov DNSSEC operational message
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]