[dnsext] "knowing A root key" was Re: draft-diao-aip-dns
Edward Lewis <Ed.Lewis@neustar.biz> Thu, 05 July 2012 18:57 UTC
At 8:32 -0700 6/29/12, Nicholas Weaver wrote:
>... DNSSEC, in practice, relies on knowing A root key.

Not really. The set of trust anchors a validator uses is a local policy consideration.

RFC 4035
4.4. Configured Trust Anchors

   A security-aware resolver MUST be capable of being configured with at
   least one trusted public key or DS RR and SHOULD be capable of being
   configured with multiple trusted public keys or DS RRs...

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

2012...time to reuse those 1984 calendars!
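Added example (not part of the original message, and not any resolver's own code): a Python sketch of a validator that holds several configured trust anchors, as RFC 4035 section 4.4 allows, and picks among them by local policy. The TrustAnchor type, the closest-enclosing-anchor policy, the zone names and all key tags are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustAnchor:
    owner: str       # zone the anchor is configured for ("." is the root)
    key_tag: int     # constructed value, not a real key tag
    algorithm: int   # DNSSEC algorithm number (8 = RSASHA256)


def labels(name):
    """Split a domain name into lowercase labels; the root is []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def covers(anchor_owner, qname):
    """True if qname is at or below anchor_owner, compared label by label."""
    a, q = labels(anchor_owner), labels(qname)
    return len(a) <= len(q) and q[len(q) - len(a):] == a


def select_anchors(qname, anchors):
    """Return the anchors configured at the closest enclosing zone.

    Assumed local policy: prefer the most specific configured anchor.
    An empty result means no chain of trust can be built for qname,
    which RFC 4035 section 4.3 classifies as Indeterminate.
    """
    candidates = [ta for ta in anchors if covers(ta.owner, qname)]
    if not candidates:
        return []
    depth = max(len(labels(ta.owner)) for ta in candidates)
    return [ta for ta in candidates if len(labels(ta.owner)) == depth]


# Constructed configuration: a root anchor plus two anchors for an
# internal zone (two keys, e.g. while one is being rolled).
ROOT = TrustAnchor(".", 11111, 8)
CORP_OLD = TrustAnchor("corp.example.", 22222, 8)
CORP_NEW = TrustAnchor("corp.example.", 33333, 8)
ANCHORS = [ROOT, CORP_OLD, CORP_NEW]

if __name__ == "__main__":
    for name in ("www.corp.example.", "www.ietf.org."):
        print(name, [ta.key_tag for ta in select_anchors(name, ANCHORS)])
    # A validator configured without any root anchor is still valid policy.
    print(select_anchors("www.ietf.org.", [CORP_OLD, CORP_NEW]))
```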