Re: spam on maillist, stop it !

2012-04-27 Thread Noel Butler
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote: > > What you did is just as bad. If you need a list moderator there are appropriate addresses to send your messages to; directly to the list is NOT one of them. The information you desire can be obtained from

Re: Question about KSK

2012-04-27 Thread Tony Finch
wbr...@e1b.org wrote: > We are authoritative for a few dozen small zones. Is it possible to use > the same KSK for all of them? I can see where if it gets compromised we > would need to resign all zones using the KSK at once. How much effort > would I be saving sharing the KSK? With BIND it i

Re: Question about KSK

2012-04-27 Thread Jan-Piet Mens
> I was mistakenly thinking the KSK also had an expiration as the > the ZSK does. Keys don't expire; signatures (RRSIGs) do. -JP

Re: Question about KSK

2012-04-27 Thread WBrown
Jan-Piet wrote on 04/27/2012 10:22:39 AM: > > When the shared KSK needed to be rolled over, you would have to > > process DS records in the parents of your few dozen zones all at the > > same time. > > *If* you want to roll the KSK, a.k.a. "when did you last roll your SSH > keys?" :-) Correct.

Re: Question about KSK

2012-04-27 Thread Jan-Piet Mens
> When the shared KSK needed to be rolled over, you would have to > process DS records in the parents of your few dozen zones all at the > same time. *If* you want to roll the KSK, a.k.a. "when did you last roll your SSH keys?" :-) -JP

spam on maillist, stop it !

2012-04-27 Thread Benny Pedersen
On 2012-04-27 00:11, Shi Jin wrote: http://guitar-stuff.net/wp-content/. spam spam spam spam and more wordpress spam spam spam

Re: Question about KSK

2012-04-27 Thread Phil Mayers
On 27/04/12 13:40, wbr...@e1b.org wrote: We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK? Th

RE: Question about KSK

2012-04-27 Thread Spain, Dr. Jeffry A.
> We are authoritative for a few dozen small zones. Is it possible to use the > same KSK for all of them? I can see where if it gets compromised we would > need to resign all zones using the KSK at once. How much effort would I be > saving sharing the KSK? My sense is that you would be creat

Re: Question about KSK

2012-04-27 Thread Bill Owens
On Fri, Apr 27, 2012 at 08:40:54AM -0400, wbr...@e1b.org wrote: > We are authoritative for a few dozen small zones. Is it possible to use > the same KSK for all of them? I can see where if it gets compromised we > would need to resign all zones using the KSK at once. How much effort > would I

Question about KSK

2012-04-27 Thread WBrown
We are authoritative for a few dozen small zones. Is it possible to use the same KSK for all of them? I can see where if it gets compromised we would need to resign all zones using the KSK at once. How much effort would I be saving sharing the KSK? I'm sure there are plenty of other good rea

Re: Exclude a domain from DNSSEC validation, like Unbound's "domain-insecure".

2012-04-27 Thread Tony Finch
Jan-Piet Mens wrote: > > From a Comcast talk at SATIN 2012 I believe they called that a "negative > trust anchor", and IIRC, the author wanted to publish a draft of its > operation. http://tools.ietf.org/html/draft-livingood-negative-trust-anchors There has been a lot of discussion on the IETF d