[dnsext] "knowing A root key" was Re: draft-diao-aip-dns

Edward Lewis <Ed.Lewis@neustar.biz> Thu, 05 July 2012 18:57 UTC

At 8:32 -0700 6/29/12, Nicholas Weaver wrote:

>... DNSSEC, in practice, relies on knowing A root key.

Not really.  The set of trust anchors a validator uses is a local
policy consideration.

RFC 4035

4.4.  Configured Trust Anchors

    A security-aware resolver MUST be capable of being configured with at
    least one trusted public key or DS RR and SHOULD be capable of being
    configured with multiple trusted public keys or DS RRs...

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

2012...time to reuse those 1984 calendars!