Hello Mr. Tinka & Mr. Andrews , Please see below .
On Thu, 3 Jun 2021, Mark Tinka wrote:
On 6/3/21 00:25, babydr DBA James W. Laferriere wrote:
The Below is to keep thread of thought accurate ...
On Wed, 2 Jun 2021, Mark Tinka wrote:
* Step 2 - take your time cluing up on getting your zone signed, and
being part of the solution toward a more secure Internet. No
pressure, at your pace.
Again , Will this handle the case of self-signed only ?
Not sure I understand your question, in both cases of recursion and
authoritative.
The Signing of the 'Zone' , Can the 'Zone' be signed by a self-signed
key ? Or MUST I (and others) rely on a external certificate authority ?
Mind you I notice in rfc6487 (note(s)) about self-signed certificates .
So Maybe I am being a bit over worried about having to spend more money
just to keep my 2 ip-ranges routing in light of the RPKI initative(s) .
Which Mr. Andrews response below answers quite succinctly ,
On Thu, 3 Jun 2021, Mark Andrews wrote:
DANE works with self generated CERTs. The TLSA record provides the
cryptographic link back to the DNSSEC root.
Thank You Mr. Andrews , Muchly . Is what I was hoping for .
Thank You Both . JimL
--
+---------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network & System Engineer | 3237 Holden Road | Give me Linux |
| j...@system-techniques.com | Fairbanks, AK. 99709 | only on AXP |
+---------------------------------------------------------------------+
