Jan-Piet Mens wrote:
>
> From a Comcast talk at SATIN 2012 I believe they called that a "negative
> trust anchor", and IIRC, the author wanted to publish a draft of its
> operation.
http://tools.ietf.org/html/draft-livingood-negative-trust-anchors
There has been a lot of discussion on the IETF d
We are authoritative for a few dozen small zones. Is it possible to use
the same KSK for all of them? I can see where if it gets compromised we
would need to resign all zones using the KSK at once. How much effort
would I be saving sharing the KSK?
I'm sure there are plenty of other good rea
On Fri, Apr 27, 2012 at 08:40:54AM -0400, wbr...@e1b.org wrote:
> We are authoritative for a few dozen small zones. Is it possible to use
> the same KSK for all of them? I can see where if it gets compromised we
> would need to resign all zones using the KSK at once. How much effort
> would I
> We are authoritative for a few dozen small zones. Is it possible to use the
> same KSK for all of them? I can see where if it gets compromised we would
> need to resign all zones using the KSK at once. How much effort would I be
> saving sharing the KSK?
My sense is that you would be creat
On 27/04/12 13:40, wbr...@e1b.org wrote:
> We are authoritative for a few dozen small zones. Is it possible to use
> the same KSK for all of them? I can see where if it gets compromised we
> would need to resign all zones using the KSK at once. How much effort
> would I be saving sharing the KSK?
Th
On 2012-04-27 00:11, Shi Jin wrote:
http://guitar-stuff.net/wp-content/.
spam spam spam spam and more wordpress spam spam spam
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this l
> When the shared KSK needed to be rolled over, you would have to
> process DS records in the parents of your few dozen zones all at the
> same time.
*If* you want to roll the KSK, a.k.a. "when did you last roll your SSH
keys?" :-)
-JP
Jan-Piet wrote on 04/27/2012 10:22:39 AM:
> > When the shared KSK needed to be rolled over, you would have to
> > process DS records in the parents of your few dozen zones all at the
> > same time.
>
> *If* you want to roll the KSK, a.k.a. "when did you last roll your SSH
> keys?" :-)
Correct.
> I was mistakenly thinking the KSK also had an expiration as the
> ZSK does.
Keys don't expire; signatures (RRSIGs) do.
-JP
wbr...@e1b.org wrote:
> We are authoritative for a few dozen small zones. Is it possible to use
> the same KSK for all of them? I can see where if it gets compromised we
> would need to resign all zones using the KSK at once. How much effort
> would I be saving sharing the KSK?
With BIND it i
On Fri, 2012-04-27 at 16:18 +0200, Benny Pedersen wrote:
>
>
What you did is just as bad
If you need a list moderator there are appropriate addresses to send
your messages to, directly to the list is NOT one of them
The information you desire can be obtained from