30 Jan 2008, 1:37 p.m.
On Jan 30, 2008, at 12:10, Joao Damas wrote:
>> Doesn't everyone check any third party's trust anchors before configuring them into their secure resolvers?
> Sometimes. At other times I place trust in registries that do this for me (e.g. a DLV registry that I find I can trust).
IMO, Joao, a DLV is a trust anchor. Sort of. :-) What I really meant by trust anchor was "something you stick in a config file to tell a resolver what keys to use for DNSSEC validation". In BIND9, that would be a trusted-keys{} statement or a dnssec-lookaside clause.