li...@rhsoft.net wrote: > Am 07.11.2014 um 19:19 schrieb Michael Ströder: >> So ask yourself: >> If everybody uses the same sort of crappy registration interfaces for their >> DNS entries while simply auto-signing DNS zone entries. Is there a real >> chance >> to achieve the goal? > > does everybody? > i doubt!
Well, time will tell. Let's hope the best. (But looking at the past I'm not really optimistic.) > and even if you are talking about the interfaces to the registry for the key > rollout / change - they have no access to your nameservers and if they are > compromised dnssec would just fail and so any delivery Hint: The attacker does not have to use *your* private keys when being able to exchange the public keys for your zone. But it gets off-topic here. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
