NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Non-Commercial User Constituency <[log in to unmask]>
X-To:
Milton L Mueller <[log in to unmask]>
Date:
Tue, 27 Oct 2009 14:26:47 -0500
Reply-To:
Jorge Amodio <[log in to unmask]>
Subject:
Re: DNS Scaling issues
From:
Jorge Amodio <[log in to unmask]>
In-Reply-To:
<[log in to unmask]>
Content-Type:
text/plain; charset=ISO-8859-1
MIME-Version:
1.0
Parts/Attachments:
text/plain (14 lines) 
>>DNSSEC is not a magic solution and it's only one of the tools to start building
>>a more secure infrastructure, and as McTim said just signing the TLDs don't
>>do it, since the "chain of trust" starts from the root.
>
> It doesn't have to start from the root. There can be a Trust Anchor Repository instead. DNSSEC has already been implemented by several ccTLDs and .org

That's right and it's what we are using for the zones that are already
signed and we
are gaining some operational experience and headaches right now, but it's not
intended to be the final architecture.

Regards
Jorge

ATOM RSS1 RSS2