My Favourites
opensubscriber
   Find in this group all groups
Home     Log In     Sign Up     FAQ    
 
Unknown more information…
d : dnsop@ietf.org 13 June 2012 • 12:10AM -0400

Re: [DNSOP] A good chance to get all riled up - draft-wkumari-dnsop-omniscient-as112-00
by Tony Finch

REPLY TO AUTHOR
 
REPLY TO GROUP



Joe Abley <joe.abley@ican...> wrote:
>
> Since these are all junk domains of no global significance, it's hard to
> see how they could be signed. The expectation is (as currently) that
> they would not be.

And rightly so.

Since it is normal (especially for the RFC1918 zones) for sites to have
local versions of the zones, it is much easier operationally if the zones
are not signed. If they are signed then any site that overrides them would
have to distribute trust anchors to all validators, so that they are able
to resolve the local names without rejecting them as bogus. If the AS112
zones are not signed then distributing trust anchors for local versions is
optional, depending on whether the site wants to bother validating them.

Tony.
--
f.anthony.n.finch  <dot@dota...>  http://dotat.at/
Forties: Northwest 5 or 6, occasionally 4 later. Moderate or rough. Showers.
Good.
_______________________________________________
DNSOP mailing list
DNSOP@ietf...
https://www.ietf.org/mailman/listinfo/dnsop
Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.
© opensubscriber 2010
All rights reserved.

Alternate link - Alternate link