NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Date: Tue, 27 Oct 2009 21:16:12 +0300
On Tue, Oct 27, 2009 at 6:26 PM, Milton L Mueller <[log in to unmask]> wrote:
> ________________________________________
> From: Jorge Amodio [[log in to unmask]]
>
>>DNSSEC is not a magic solution and it's only one of the tools to start building
>>a more secure infrastructure, and as McTim said just signing the TLDs doesn't
>>do it, since the "chain of trust" starts from the root.
>
> It doesn't have to start from the root. There can be a Trust Anchor Repository instead.


TARs are a temporary, non-scalable measure.  One key is easier to
configure, roll over, etc.  Managing multiple keys (dozens or
hundreds?) would not be workable.  The design of DNSSEC is a chain of
trust, followed from the root on down, hence one key.

-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel
