Once upon a time, Leo Bicknell <bicknell@ufp.org> said:
Perhaps you could explain why the keys are being made available in formats that, as far as I can tell, no nameserver software on the planet uses? Pretty much 100% of the users will need a conversion from one of the 6 formats you provided, when you could have provided 6 example configs for the 6 most popular nameserver packages and covered 99% of the users with cut and paste.
There aren't 6 formats, there is just one format provided for the current trust anchor set: XML. A simple XSLT will transform it into any needed format. Individual trust anchors (there's only one at the moment) are provided in two formats: PKCS#10 (for signing) and X509 (signed by ICANN). There are also detached signatures (in PKCS#7 format for validation against the ICANN cert bundle and in OpenPGP format) of the XML anchor set file. This is all in the documentation in the same directory (in plain-text and HTML formats). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.