[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: .gov DNSSEC operational message - picking a fight
From:       bmanning () vacation ! karoshi ! com
Date:       2010-12-29 16:36:30
Message-ID: 20101229163630.GA2294 () vacation ! karoshi ! com ! 
[Download RAW message or body]

On Wed, Dec 29, 2010 at 02:56:35PM +0000, Tony Finch wrote:
> On 28 Dec 2010, at 22:46, bmanning@vacation.karoshi.com wrote:
> > 
> > IMHO, key management should be able to use an OOB channel
> > when the in-band is corrupted or overlaoded.  Reliance on
> > strictly the IB channel presumes there will be no problems
> > with that channel.  EVER.   For me, I don't want to take 
> > that risk.  YMMV of course.  
> 
> If normal DNS resolution fails to work then there's no point in getting the keys \
> from another source since there's no data for them to validate.

	oh resoultion works a treat.  its the validation that gets hosed. :)

--bill


[prev in list] [next in list] [prev in thread] [next in thread]