17 Oct
2008
17 Oct
'08
4:52 p.m.
On Wed, 15 Oct 2008, David Conrad wrote:
Once more with feeling: the ONLY thing signing the root zone does is to allow for the contents of that zone to be validated. It hides no information. It provides no new mechanisms for subterfuge.
And indeed, anyone can still decide to add or remove trust anchors by configuring it in your resolver. So country X can decide to use a signed root, while stll removing country Y effectively from their signed root. Paul