On Tue, 5 Jul 2005 15:28:50 -1000 Randy Bush <randy@psg.com> wrote:
hi olaf,
for us simple-minded folk who do not track dnssec details, could you tell us what trusted key(s) we will have to load to securely verify the signed zones? and is there an idiot's howto?
Hello Randy, [Moved the discussion to dns-wg only, apologies for not setting the reply-to header] In the absence of a signed parent domain the trusted-keys will be made available through a secured web page. The keys will only be made available after we start signing the zone in production. Also see the last part of: http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html For a howto on to configure a validating server see: http://www.ripe.net/projects/disi/dnssec_howto/ or: http://www.ripe.net/projects/disi/dnssec_howto/dnssec_howto.pdf I hope this answers your question. -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC