22 Sep 2008, 11:09 a.m.
* Colin Alston:
Correct, you need a validating, security-aware stub resolver, or the ISP needs to validate the records for you.
In public space like .com, don't you need some kind of central trustworthy CA?
No, why would you? You need to trust the zone operator, and you need some trustworthy channel to exchange trust anchors at one point in time (a significant improvement compared to classic DNS, where you need a trustworthy channel all the time).

--
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99