[prev in list] [next in list] [prev in thread] [next in thread]
List: nanog
Subject: Re: .gov DNSSEC operational message - picking a fight
From: bmanning () vacation ! karoshi ! com
Date: 2010-12-29 16:36:30
Message-ID: 20101229163630.GA2294 () vacation ! karoshi ! com !
[Download RAW message or body]
On Wed, Dec 29, 2010 at 02:56:35PM +0000, Tony Finch wrote:
> On 28 Dec 2010, at 22:46, bmanning@vacation.karoshi.com wrote:
> >
> > IMHO, key management should be able to use an OOB channel
> > when the in-band is corrupted or overlaoded. Reliance on
> > strictly the IB channel presumes there will be no problems
> > with that channel. EVER. For me, I don't want to take
> > that risk. YMMV of course.
>
> If normal DNS resolution fails to work then there's no point in getting the keys \
> from another source since there's no data for them to validate.
oh resoultion works a treat. its the validation that gets hosed. :)
--bill
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic