[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ike and secure DNS
"Steven M. Bellovin" <smb@research.att.com> writes:
> I'd love to see any sort of secure address-to-entity map. But there
> seems to be considerable uncertainty about who actually owns various
> chunks of address space. Is the database clean enough that it's worth
> signing? I sure don't get that impression from, say, the NANOG list.
Perhaps a small change to what it means to "sign" a zone? If the "root"
could sign my NS records (which "they" own), and my key record (which "I"
own, but supply to them the same way I supply my NS records), then this
works.
But I doubt NSI is willing to accept a KEY record or sign it. Let alone
sign my NS records.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
Follow-Ups:
References: