
List:       bind9-users
Subject:    Reply: Re: (no subject)
From:       Holger.Zuleger () arcor ! net
Date:       2002-06-26 8:42:01

In the final scenario of DNSSEC with signed delegation, every resolving NS needs
only one trusted-key: the one from the root-zone.
But in the early years, I expect a lot of secure islands not delegated by
secure parents. For every secure island I need exactly one trusted-key, right?
In my opinion, there would possibly be many such keys on a side.
Please correct me if I am wrong.

Holger

P.S. There's no need for your excellent tool "extract_ds.pl". The signing
command generates the DS-record quite well.





"Olaf M. Kolkman" <olaf@ripe.net>
25.06.2002 08:44

To:     Holger Zuleger/TND/Eschborn/Arcor@Arcor
Cc:
Subject:  Re: (no subject)







On Tue, 25 Jun 2002 09:21:12 +0100
Holger.Zuleger@arcor.net wrote:

>
> Thanks for your explanation!
> So I have to write a tool, parsing all keyfiles found in a special
> directory and creating a file with the "trusted-keys" section. That
> should not be so much work.
>
> Holger


Holger,

Just out of curiosity, why would you have so many trusted-keys? Are you
working on general purpose DNSSEC or do you have 'special' plans?

As an aside, would you happen to have any feedback on the course material now
that you have started to implement?

--Olaf




--------------------------------------------| Olaf M. Kolkman
                                            | www.ripe.net/disi
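
An added example, not part of the original messages or of either author's tooling: one way to build the tool described in the quoted text, reading every K*.key file in a directory and emitting one named.conf "trusted-keys" statement with one entry per secure island. The function names, the sample zone names and the placeholder key material are assumptions made for illustration.

```python
import re
from pathlib import Path

# Key files written by dnssec-keygen hold one record per line, for example:
#   example.com. IN KEY 256 3 5 AQPd...  (KEY in 2002; DNSKEY in later DNSSEC)
# An optional TTL and the class field may precede the record type.
KEY_RR = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?(?:KEY|DNSKEY)\s+"
    r"(?P<flags>\d+)\s+(?P<proto>\d+)\s+(?P<alg>\d+)\s+(?P<key>[A-Za-z0-9+/=\s]+)$",
    re.IGNORECASE,
)

def parse_key_rr(line):
    """Return (owner, flags, protocol, algorithm, base64 key) or None."""
    line = line.split(";", 1)[0].strip()   # drop zone-file comments
    m = KEY_RR.match(line)
    if not m:
        return None
    owner = m.group("owner").lower()
    if not owner.endswith("."):
        owner += "."                       # trust anchors use absolute names
    key = "".join(m.group("key").split())  # base64 may be split by spaces
    return owner, int(m.group("flags")), int(m.group("proto")), int(m.group("alg")), key

def trusted_keys_section(records):
    """Render a trusted-keys statement, duplicates removed, sorted by zone."""
    lines = ["trusted-keys {"]
    for owner, flags, proto, alg, key in sorted(set(records)):
        lines.append(f'    "{owner}" {flags} {proto} {alg} "{key}";')
    lines.append("};")
    return "\n".join(lines) + "\n"

def build_from_directory(directory):
    """Collect every K*.key file in `directory` into one trusted-keys statement."""
    records = []
    for path in sorted(Path(directory).glob("K*.key")):
        for line in path.read_text().splitlines():
            rec = parse_key_rr(line)
            if rec:
                records.append(rec)
    return trusted_keys_section(records)

# Constructed sample input; the key material is a placeholder, not a real key.
SAMPLE = [
    "island-one.example. IN KEY 256 3 5 AQPlaceholderKeyOne+/abc=",
    "island-two.example. 3600 IN KEY 256 3 5 AQPlaceholder KeyTwo==",
    "; a comment line",
]
```

Every file in that directory becomes a trust anchor for the resolver, so a key belongs there only after it has been verified with the zone operator over an authenticated channel.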




