Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-15 Thread Paul Wouters
Okay, so this is a key that's arguably more important than your KSK, because it's used to protect authentication information and, depending on how you do business, financial information belonging to your customers. If it's safe to roll this key every two years, it's safe to roll your KSK no

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-15 Thread Ted Lemon
On Aug 15, 2008, at 8:10 AM, Paul Wouters wrote: Whether I get a fake CNN.com page is much less important to me than whether my nfs or mail server can be accessed by something I'm not sure how relevant this is to the discussion, but I'll answer the question anyway. I don't use NFS because (

[DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread David Conrad
Hi, On Aug 15, 2008, at 9:15 AM, Ted Lemon wrote: But until we have root and .com signed, and until the average end-user is protected by a validating resolver, we aren't done yet, and I don't really get any actual benefit from my efforts. Which, tragically, is why it's taking so long. T

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread Frederico A C Neves
On Fri, Aug 15, 2008 at 11:29:13AM -0700, David Conrad wrote: > Hi, > > On Aug 15, 2008, at 9:15 AM, Ted Lemon wrote: > >But until we have root and .com signed, and until the average end- > >user is protected by a validating resolver, we aren't done yet, and > >I don't really get any actual ben

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread Paul Hoffman
At 11:29 AM -0700 8/15/08, David Conrad wrote: Given this, does anyone see any DNS security and/or stability concerns if a miracle were to happen and the root were to be signed tomorrow? Yes, at the time of the first root key rollover. Well, to be more specific, at the time that all of the ke

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread David Conrad
Paul, On Aug 15, 2008, at 12:26 PM, Paul Hoffman wrote: At 11:29 AM -0700 8/15/08, David Conrad wrote: Given this, does anyone see any DNS security and/or stability concerns if a miracle were to happen and the root were to be signed tomorrow? Yes, at the time of the first root key rollover.

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread Paul Hoffman
At 1:01 PM -0700 8/15/08, David Conrad wrote: Let me try to (hopefully) more clearly articulate my question: given the fact that caching servers only care about DNSSEC if they're explicitly configured to do so, does anyone anticipate any stability/security concerns to those folks who _haven't_

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread David Conrad
Paul, On Aug 15, 2008, at 1:51 PM, Paul Hoffman wrote: If what you really, really mean to ask is "given the fact that caching servers only care about DNSSEC if they're explicitly configured to do so, does anyone anticipate any stability/security concerns to those folks who _don't_ configure

Re: [DNSOP] A different question (was Re: Kaminsky on djbdns bugs (fwd))

2008-08-15 Thread Paul Hoffman
At 4:07 PM -0700 8/15/08, David Conrad wrote: Paul, On Aug 15, 2008, at 1:51 PM, Paul Hoffman wrote: If what you really, really mean to ask is "given the fact that caching servers only care about DNSSEC if they're explicitly configured to do so, does anyone anticipate any stability/security c

Re: [DNSOP] Kaminsky on djbdns bugs (fwd)

2008-08-15 Thread Mark Andrews
> On Aug 15, 2008, at 8:10 AM, Paul Wouters wrote: > > Whether > > I get a fake CNN.com page is much less important to me than whether > > my nfs > > or mail server can be accessed by something > > I'm not sure how relevant this is to the discussion, but I'll answer > the question anyway. I do