Why?

Ekr

On Oct 3, 2010, at 8:54, Joe Abley <jab...@hopcount.ca> wrote:

> 
> On 2010-10-03, at 07:59, Tony Finch wrote:
> 
>> On 3 Oct 2010, at 08:27, Jakob Schlyter <ja...@kirei.se> wrote:
>>> On 1 okt 2010, at 20.59, Tony Finch wrote:
>>>> 
>>>> Right, so it's aimed at human consumption rather than automatic tools?
>>> 
>>> Given the historical information (together with old DNSKEY), you could 
>>> build a trust anchor history zone.
>> 
>> Not really, since you need the private key of the old TA to sign the public 
>> key of the new one to get a cryptographic proof of the history. Without that 
>> it is just a third party attestation, which is rather weaker.
> 
> As has been expressed many times, old keys are not trustworthy and hence 
> their signatures have no value.
> 
> 
> Joe
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop