DNSSEC - does it exist?
Chris Drake
christopher at pobox.com
Mon Oct 23 10:35:56 UTC 2006
Hi,
DNSSEC has been mentioned a few times. It seems to be a way for
authoritative servers to digitally sign DNS replies - with the intent
that client resolvers check signatures - including (as far as I can
tell) the whole chain up to the "root" zone.
What I can't find is any obvious mention of who the root is, nor how
I'd get my keys "signed" by them, nor how a client resolver (eg: a
potential victims Windows XP box) might install a root key - which
leads me to believe there's no DNSSEC root authorities yet, and thus
this protocol doesn't exist.
Am I wrong? (I hope so!!! - and if I am - where/how do I submit my
DNSSEC CSR? - this is a really cool idea)
Kind Regards,
Chris Drake
More information about the general
mailing list