.gov DNSSEC operational message

• Previous message (by thread): .gov DNSSEC operational message
• Next message (by thread): .gov DNSSEC operational message
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---- Original Message -----
> From: "Kevin Oberman" <oberman at es.net>

> There is no reason that you could not do OOB transfers of keys, but it
> would be so cumbersome with the need to maintain keys for every TLD
> (and, for that matter, every zone under them) and deal with key rolls
> at random intervals and confirm that the new keys you were getting were,
> in fact legitimate would be more than overwhelming. It just does not
> scale.

I apologize; I was not clear.

I was not suggesting OOB *production transfer of keying information*.

I was rather suggesting that an additional publication of the keys, in
an authenticatable manner, which could be used by anyone who believed
that Something Hincky might be going on to confirm or deny, might be
useful.

Cheers,
-- jra

• Previous message (by thread): .gov DNSSEC operational message
• Next message (by thread): .gov DNSSEC operational message
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]