[Yeti DNS Discuss] 答复: Multiple ZSK experiment (MZSK) launching today

Paul Vixie paul at redbarn.org
Mon Feb 22 14:40:29 UTC 2016



'Stephane Bortzmeyer' wrote:
> On Mon, Feb 22, 2016 at 06:19:43AM -0800,
>   Paul Vixie<paul at redbarn.org>  wrote
>   a message of 2 lines which said:
>
>> i think self-signing the zsk makes no sense. that's what the ksk is
>> for. the tisf signer is just wrong.
>
> So .org, .cz, .cn, .pizza and .fr are wrong, too?

i think so, yes. this signature does not add any benefit -- just risk.

-- 
P Vixie


More information about the discuss mailing list