[Yeti DNS Discuss] 答复: A proposal of preserving IANA NSEC Chain and ZSK RRSIGs
Davey Song(宋林健)
ljsong at biigroup.cn
Wed Aug 23 02:01:44 UTC 2017
Yes. It tries to relieve that nervous in technical way. The ideal solution
is that multiple trust anchor ("and" logic) can work in the resolver. We
just would like to take place the NS rrset, right?
Davey
> -----邮件原件-----
> 发件人: Stephane Bortzmeyer [mailto:bortzmeyer at nic.fr]
> 发送时间: 2017年8月22日 21:38
> 收件人: Davey Song
> 抄送: discuss at lists.yeti-dns.org
> 主题: Re: [Yeti DNS Discuss] A proposal of preserving IANA NSEC Chain and
ZSK
> RRSIGs
>
> On Tue, Aug 22, 2017 at 05:53:11PM +0800, Davey Song <ljsong at biigroup.cn>
> wrote a message of 145 lines which said:
>
> > I just made a post as a proposal of Yeti experiment by Preserving IANA
> > NSEC Chain and ZSK RRSIGs in Yeti root zone.
> > http://yeti-dns.org/yeti/blog/2017/08/22/Preserving-IANA-NSEC-Chain-an
> > d-ZSK-RRSIGs.html
>
> I'm skeptical that it will convince the people who are nervous enough to
think
> that Yeti threatens the security and stability of the Internet. After all,
the
> resolvers will have to use the Yeti trust anchor and, therefore, Yeti
would still
> be in position to do everything.
>
> But it is a nice technical test, so I support it.
>
More information about the discuss
mailing list